Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 9d850df..f69cfd3 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -50,17 +50,17 @@ if (!is_array($config['ipsec']['phase2']))
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
-$p1index = $_GET['p1index'];
-if (isset($_POST['p1index']))
+if (is_numericint($_GET['p1index']))
+ $p1index = $_GET['p1index'];
+if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))
$p1index = $_POST['p1index'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$p1index = $_GET['dup'];
-}
if (isset($p1index) && $a_phase1[$p1index]) {
// don't copy the ikeid on dup
- if (!isset($_GET['dup']))
+ if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
$old_ph1ent = $a_phase1[$p1index];
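Review bot: The POST branch checks the wrong superglobal: `if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))` validates the query-string value, not the posted one. As a result `$_POST['p1index']` is still assigned to `$p1index` without a numeric check whenever a numeric `p1index` is also present in the URL, and a form submission that carries the index only in the POST body no longer sets `$p1index` at all. The condition should read `if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))`. The first added check also calls `is_numericint($_GET['p1index'])` without `isset()`, which presumably raises an undefined-index notice on a plain page load; guarding it the same way as the `dup` branch would be consistent. The `if (isset($p1index) && $a_phase1[$p1index])` block continues outside the hunk.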
@@ -132,7 +132,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['mobile']=true;
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($p1index);
if ($_POST) {
@@ -892,7 +892,7 @@ function dpdchkbox_change() {
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
- <input name="p1index" type="hidden" value="<?=$p1index;?>"/>
+ <input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>"/>
<?php endif; ?>
<?php if ($pconfig['mobile']): ?>
<input name="mobile" type="hidden" value="true"/>