Diffstat (limited to 'usr/local/www/system_certmanager.php')
-rw-r--r--usr/local/www/system_certmanager.php19
1 files changed, 11 insertions, 8 deletions
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php
index 7acc2eb..38993c6 100644
--- a/usr/local/www/system_certmanager.php
+++ b/usr/local/www/system_certmanager.php
@@ -56,18 +56,21 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
$pgtitle = array(gettext("System"), gettext("Certificate Manager"));
-$userid = $_GET['userid'];
-if (isset($_POST['userid']))
+if (is_numericint($_GET['userid']))
+ $userid = $_GET['userid'];
+if (isset($_POST['userid']) && is_numericint($_POST['userid']))
$userid = $_POST['userid'];
-if (is_numeric($userid)) {
+
+if (isset($userid)) {
$cert_methods["existing"] = gettext("Choose an existing certificate");
if (!is_array($config['system']['user']))
$config['system']['user'] = array();
$a_user =& $config['system']['user'];
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
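Review bot: The GET checks `if (is_numericint($_GET['userid']))` and `if (is_numericint($_GET['id']))` read the array key without `isset()`, unlike the POST checks added directly below each of them. When the parameter is absent this raises an undefined-index notice and hands null to is_numericint(), whose handling of null is not visible in this hunk. Guarding the GET path the same way, `if (isset($_GET['userid']) && is_numericint($_GET['userid']))` (and likewise for `id`), keeps both paths consistent. A short comment would also help here: `$userid` and `$id` now stay undefined on invalid input, so any later use outside this hunk has to test `isset()` first, as the `if (isset($userid))` line already does.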
@@ -969,7 +972,7 @@ function internalca_change() {
<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
<td width="78%" class="vtable">
<?php if (isset($userid) && $a_user): ?>
- <input name="userid" type="hidden" value="<?=$userid;?>" />
+ <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
<?php endif;?>
<select name='certref' class="formselect">
<?php
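Review bot: `htmlspecialchars($userid)` relies on the default flags, which on PHP versions before 8.1 leave single quotes unescaped. The attribute here is double-quoted, so the output is safe as written, but the same template also uses single-quoted attributes (`<select name='certref'`), so passing the flag explicitly, `htmlspecialchars($userid, ENT_QUOTES)`, removes the dependency on quoting style. The same applies to the two `htmlspecialchars($id)` calls in the following hunks. Assuming is_numericint() accepts only integer strings, both values are already constrained at the top of the file, so this is defence in depth rather than a live injection path.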
@@ -1003,7 +1006,7 @@ function internalca_change() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<?php if (isset($id) && $a_cert[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
@@ -1056,7 +1059,7 @@ function internalca_change() {
<?php endif; */ ?>
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
<?php if (isset($id) && $a_cert[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<input name="act" type="hidden" value="csr" />
<?php endif;?>
</td>