-rw-r--r-- | src/usr/local/www/status_captiveportal.php | 13 | ||||
-rw-r--r-- | src/usr/local/www/status_captiveportal_expire.php | 26 | ||||
-rw-r--r-- | src/usr/local/www/status_captiveportal_test.php | 26 | ||||
-rw-r--r-- | src/usr/local/www/status_captiveportal_voucher_rolls.php | 25 | ||||
-rw-r--r-- | src/usr/local/www/status_captiveportal_vouchers.php | 25 |
5 files changed, 69 insertions, 46 deletions
diff --git a/src/usr/local/www/status_captiveportal.php b/src/usr/local/www/status_captiveportal.php
index bf9b81b..5c88bc2 100644
--- a/src/usr/local/www/status_captiveportal.php
+++ b/src/usr/local/www/status_captiveportal.php
@@ -71,10 +71,15 @@ function clientcmp($a, $b) {
 return strcmp($a[$order], $b[$order]);
 }
+$cp_status_orders = array('ip', 'mac', 'user', 'lastact', 'start');
 if (!empty($cpzone)) {
 $cpdb = captiveportal_read_db();
 if ($_GET['order']) {
+ /* If an invalid order was submitted, clear it. */
+ if (!in_array($_GET['order'], $cp_status_orders)) {
+ unset($_GET['order']);
+ }
 if ($_GET['order'] == "ip") {
 $order = 2;
 } else if ($_GET['order'] == "mac") {
@@ -92,7 +97,7 @@ if (!empty($cpzone)) {
 $pgtitle = array(gettext("Status"), gettext("Captive Portal"));
 if (!empty($cpzone)) {
- $pgtitle[] = $a_cp[$cpzone]['zone'];
+ $pgtitle[] = htmlspecialchars($a_cp[$cpzone]['zone']);
 if (isset($config['voucher'][$cpzone]['enable'])) {
 $pgtitle[] = gettext("Active Users");
@@ -175,7 +180,7 @@ if (!empty($cpzone)): ?>
 foreach ($cpdb as $cpent): ?>
 <tr>
 <td>
- <?=$cpent[2]?>
+ <?= htmlspecialchars($cpent[2]); ?>
 </td>
 <td>
 <?php
@@ -184,7 +189,7 @@ if (!empty($cpzone)): ?>
 $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]);
 print htmlentities($mac);
 if (isset($mac_man[$mac_hi])) {
- print "<br /><font size=\"-2\"><i>{$mac_man[$mac_hi]}</i></font>";
+ print "<br /><font size=\"-2\"><i>" . htmlspecialchars($mac_man[$mac_hi]) . "</i></font>";
 }
 }
 ?>
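Review bot: The allow-list check added in the first hunk compares loosely and then repairs the request by unsetting `$_GET['order']`, so the `if ($_GET['order'] == "ip")` chain directly below it reads an index that may no longer exist. Passing the strict flag, `if (!in_array($_GET['order'], $cp_status_orders, true)) {`, makes the match depend on an exact string and rejects a non-string parameter by type. Copying the accepted value into a local variable, rather than mutating the superglobal, would also make it clear which later uses see the validated value. The enclosing `if (!empty($cpzone))` block continues outside the hunk.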
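Review bot: `$a_cp[$cpzone]['zone']` in the second hunk is still indexed with a zone name that no hunk of this file checks against the configured zones, whereas the other four pages in this commit gain `if (!array_key_exists($cpzone, $a_cp)) { $cpzone = ""; }` before their titles are built. Escaping the title is sound, but an unknown zone still reaches `captiveportal_read_db()` and the `$config['voucher'][$cpzone]` lookup unless a check exists in the part of the file the hunks do not show. Applying the same existence check ahead of `if (!empty($cpzone))` would make the five pages consistent.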
@@ -215,7 +220,7 @@ if (!empty($cpzone)): ?>
 endif; ?>
 <td>
- <a href="?zone=<?=htmlspecialchars($cpzone)?>&order=<?=$_GET['order']?>&showact=<?=htmlspecialchars($_GET['showact'])?>&act=del&id=<?=$cpent[5]?>"><i class="fa fa-trash" title="<?=gettext("Disconnect this User")?>"></i></a>
+ <a href="?zone=<?=htmlspecialchars($cpzone)?>&order=<?=htmlspecialchars($_GET['order'])?>&showact=<?=htmlspecialchars($_GET['showact'])?>&act=del&id=<?=htmlspecialchars($cpent[5])?>"><i class="fa fa-trash" title="<?=gettext("Disconnect this User")?>"></i></a>
 </td>
 </tr>
 <?php
diff --git a/src/usr/local/www/status_captiveportal_expire.php b/src/usr/local/www/status_captiveportal_expire.php
index d1e1292..d93c4d6 100644
--- a/src/usr/local/www/status_captiveportal_expire.php
+++ b/src/usr/local/www/status_captiveportal_expire.php
@@ -40,17 +40,21 @@ if (isset($_POST['zone'])) {
 }
 $cpzone = strtolower($cpzone);
-if (empty($cpzone)) {
- header("Location: services_captiveportal_zones.php");
- exit;
-}
-
 if (!is_array($config['captiveportal'])) {
 $config['captiveportal'] = array();
 }
 $a_cp =& $config['captiveportal'];
+/* If the zone does not exist, do not display the invalid zone */
+if (!array_key_exists($cpzone, $a_cp)) {
+ $cpzone = "";
+}
+
+if (empty($cpzone)) {
+ header("Location: services_captiveportal_zones.php");
+ exit;
+}
-$pgtitle = array(gettext("Status"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Expire Vouchers"));
+$pgtitle = array(gettext("Status"), gettext("Captive Portal"), htmlspecialchars($a_cp[$cpzone]['zone']), gettext("Expire Vouchers"));
 include("head.inc");
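Review bot: The rewritten link in the `@@ -215` hunk HTML-escapes each value but does not URL-encode it, and the values sit in a query string, so a `&`, `#`, `+` or space in `$cpent[5]` or `$_GET['showact']` still changes how the query parses once the browser has decoded the attribute. Encode for the URL first and for the attribute second, e.g. `id=<?=htmlspecialchars(urlencode($cpent[5]))?>`, and write the parameter separators as `&amp;`. The link also carries `act=del` over GET; the handler is outside the hunk, so whether that action is protected against cross-site requests cannot be seen from here and is worth confirming.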
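Review bot: The zone check added in the `status_captiveportal_expire.php` hunk is copied verbatim into the `@@ -40` hunks of `status_captiveportal_test.php`, `status_captiveportal_voucher_rolls.php` and `status_captiveportal_vouchers.php`, and its comment states the intent rather than the effect. A comment such as `/* Treat a zone that is not configured as empty so the request is redirected to the zone list below. */` tells the next reader why `$cpzone` is blanked instead of rejected. Moving the check into one shared helper would keep the pages from drifting apart. `$cpzone` is assigned above the hunk; if it can arrive as a non-string, `strtolower()` sees it before this check runs.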
@@ -65,11 +69,11 @@ if ($_POST) {
 }
 $tab_array = array();
-$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Test Vouchers"), false, "status_captiveportal_test.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Expire Vouchers"), true, "status_captiveportal_expire.php?zone={$cpzone}");
+$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Test Vouchers"), false, "status_captiveportal_test.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Expire Vouchers"), true, "status_captiveportal_expire.php?zone=" . htmlspecialchars($cpzone));
 display_top_tabs($tab_array);
 $form = new Form(false);
diff --git a/src/usr/local/www/status_captiveportal_test.php b/src/usr/local/www/status_captiveportal_test.php
index 13363af..5e185b5 100644
--- a/src/usr/local/www/status_captiveportal_test.php
+++ b/src/usr/local/www/status_captiveportal_test.php
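Review bot: The tab URLs in this hunk are HTML-escaped while the URL string is being built rather than where it is written into the page; `display_top_tabs()` is not shown, and if it escapes the href itself the value ends up encoded twice. After the existence check added earlier in this file `$cpzone` is a configured key, so what the query string needs is URL encoding, e.g. `"status_captiveportal.php?zone=" . urlencode($cpzone)`, with HTML escaping left to the code that emits the link. The same five lines recur in the tab hunks of `status_captiveportal_test.php`, `status_captiveportal_voucher_rolls.php` and `status_captiveportal_vouchers.php`.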
@@ -40,17 +40,21 @@ if (isset($_POST['zone'])) {
 }
 $cpzone = strtolower($cpzone);
-if (empty($cpzone)) {
- header("Location: services_captiveportal_zones.php");
- exit;
-}
-
 if (!is_array($config['captiveportal'])) {
 $config['captiveportal'] = array();
 }
 $a_cp =& $config['captiveportal'];
+/* If the zone does not exist, do not display the invalid zone */
+if (!array_key_exists($cpzone, $a_cp)) {
+ $cpzone = "";
+}
+
+if (empty($cpzone)) {
+ header("Location: services_captiveportal_zones.php");
+ exit;
+}
-$pgtitle = array(gettext("Status"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Test Vouchers"));
+$pgtitle = array(gettext("Status"), gettext("Captive Portal"), htmlspecialchars($a_cp[$cpzone]['zone']), gettext("Test Vouchers"));
 $shortcut_section = "captiveportal-vouchers";
 include("head.inc");
@@ -73,11 +77,11 @@ if ($_POST) {
 }
 $tab_array = array();
-$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Test Vouchers"), true, "status_captiveportal_test.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone={$cpzone}");
+$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Test Vouchers"), true, "status_captiveportal_test.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone=" . htmlspecialchars($cpzone));
 display_top_tabs($tab_array);
 $form = new Form(false);
diff --git a/src/usr/local/www/status_captiveportal_voucher_rolls.php b/src/usr/local/www/status_captiveportal_voucher_rolls.php
index 4f3e7a8..2294fdb 100644
--- a/src/usr/local/www/status_captiveportal_voucher_rolls.php
+++ b/src/usr/local/www/status_captiveportal_voucher_rolls.php
@@ -40,16 +40,21 @@ if (isset($_POST['zone'])) {
 }
 $cpzone = strtolower($cpzone);
+if (!is_array($config['captiveportal'])) {
+ $config['captiveportal'] = array();
+}
+$a_cp =& $config['captiveportal'];
+/* If the zone does not exist, do not display the invalid zone */
+if (!array_key_exists($cpzone, $a_cp)) {
+ $cpzone = "";
+}
+
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
 exit;
 }
-if (!is_array($config['captiveportal'])) {
- $config['captiveportal'] = array();
-}
-$a_cp =& $config['captiveportal'];
-$pgtitle = array(gettext("Status"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Voucher Rolls"));
+$pgtitle = array(gettext("Status"), gettext("Captive Portal"), htmlspecialchars($a_cp[$cpzone]['zone']), gettext("Voucher Rolls"));
 $shortcut_section = "captiveportal-vouchers";
 if (!is_array($config['voucher'][$cpzone]['roll'])) {
@@ -61,11 +66,11 @@ $a_roll = &$config['voucher'][$cpzone]['roll'];
 include("head.inc");
 $tab_array = array();
-$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Voucher Rolls"), true, "status_captiveportal_voucher_rolls.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Test Vouchers"), false, "status_captiveportal_test.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone={$cpzone}");
+$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Voucher Rolls"), true, "status_captiveportal_voucher_rolls.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Test Vouchers"), false, "status_captiveportal_test.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone=" . htmlspecialchars($cpzone));
 display_top_tabs($tab_array);
 ?>
diff --git a/src/usr/local/www/status_captiveportal_vouchers.php b/src/usr/local/www/status_captiveportal_vouchers.php
index 63b39d1..d0ad48a 100644
--- a/src/usr/local/www/status_captiveportal_vouchers.php
+++ b/src/usr/local/www/status_captiveportal_vouchers.php
@@ -40,16 +40,21 @@ if (isset($_POST['zone'])) {
 }
 $cpzone = strtolower($cpzone);
+if (!is_array($config['captiveportal'])) {
+ $config['captiveportal'] = array();
+}
+$a_cp =& $config['captiveportal'];
+/* If the zone does not exist, do not display the invalid zone */
+if (!array_key_exists($cpzone, $a_cp)) {
+ $cpzone = "";
+}
+
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
 exit;
 }
-if (!is_array($config['captiveportal'])) {
- $config['captiveportal'] = array();
-}
-$a_cp =& $config['captiveportal'];
-$pgtitle = array(gettext("Status"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Active Vouchers"));
+$pgtitle = array(gettext("Status"), gettext("Captive Portal"), htmlspecialchars($a_cp[$cpzone]['zone']), gettext("Active Vouchers"));
 $shortcut_section = "captiveportal-vouchers";
 function clientcmp($a, $b) {
@@ -97,11 +102,11 @@ if ($_GET['order']) {
 include("head.inc");
 $tab_array = array();
-$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Active Vouchers"), true, "status_captiveportal_vouchers.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Test Vouchers"), false, "status_captiveportal_test.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone={$cpzone}");
+$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Active Vouchers"), true, "status_captiveportal_vouchers.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Test Vouchers"), false, "status_captiveportal_test.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone=" . htmlspecialchars($cpzone));
 display_top_tabs($tab_array);
 ?> |