From 09294e847f1216b843d7199b611428adcf5072e4 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 21 Jan 2013 21:08:59 +0000 Subject: Validate the cpzone parameter passed that it actually is a valid zone --- usr/local/captiveportal/index.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 28931a4..35a2cd3 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -46,6 +46,12 @@ header("Connection: close"); $cpzone = $_REQUEST['zone']; $cpcfg = $config['captiveportal'][$cpzone]; +if (empty($cpcfg)) { + log_error("Submission to captiveportal with unkown parameter zone: " . htmlspecialchars($cpzone)); + portal_reply_page($redirurl, "error", $errormsg); + ob_flush(); + return; +} $orig_host = $_ENV['HTTP_HOST']; /* NOTE: IE 8/9 is buggy and that is why this is needed */ -- cgit v1.1