From 46d3f6a6362e15e188b77d9992f59a9ff3afe781 Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 4 Aug 2014 15:23:51 -0400 Subject: Fix input validation logic on diag_testport.php, escape more shell arguments for good measure --- usr/local/www/diag_testport.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/www/diag_testport.php b/usr/local/www/diag_testport.php index bfc0a59..b04a9d7 100644 --- a/usr/local/www/diag_testport.php +++ b/usr/local/www/diag_testport.php @@ -68,7 +68,7 @@ if ($_POST || $_REQUEST['host']) { $input_errors[] = gettext("Please enter a valid port number."); } - if (is_numeric($_REQUEST['srcport']) && !is_port($_REQUEST['srcport'])) { + if (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport'])) { $input_errors[] = gettext("Please enter a valid source port number, or leave the field blank."); } @@ -198,11 +198,11 @@ include("head.inc"); ?> echo "