From 46d3f6a6362e15e188b77d9992f59a9ff3afe781 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Mon, 4 Aug 2014 15:23:51 -0400
Subject: Fix input validation logic on diag_testport.php, escape more shell
 arguments for good measure

---
 usr/local/www/diag_testport.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/usr/local/www/diag_testport.php b/usr/local/www/diag_testport.php
index bfc0a59..b04a9d7 100644
--- a/usr/local/www/diag_testport.php
+++ b/usr/local/www/diag_testport.php
@@ -68,7 +68,7 @@ if ($_POST || $_REQUEST['host']) {
 		$input_errors[] = gettext("Please enter a valid port number.");
 	}
 
-	if (is_numeric($_REQUEST['srcport']) && !is_port($_REQUEST['srcport'])) {
+	if (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport'])) {
 		$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
 	}
 
@@ -198,11 +198,11 @@ include("head.inc"); ?>
 			echo "<textarea id=\"testportCaptured\" style=\"width:98%\" name=\"code\" rows=\"15\" cols=\"66\" readonly=\"readonly\">";
 			$result = "";
 			$nc_base_cmd = "/usr/bin/nc";
-			$nc_args = "-w {$timeout}";
+			$nc_args = "-w " . escapeshellarg($timeout);
 			if (!$showtext)
 				$nc_args .= " -z ";
 			if (!empty($srcport))
-				$nc_args .= " -p {$srcport} ";
+				$nc_args .= " -p " . escapeshellarg($srcport) . " ";
 
 			/* Attempt to determine the interface address, if possible. Else try both. */
 			if (is_ipaddrv4($host)) {
-- 
cgit v1.1