From 4cc342453cce69fc8da06ff22bbe79aadb7bd4df Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 6 Jun 2014 11:48:15 -0300 Subject: Add some protection to parameters that come through _GET --- etc/inc/service-utils.inc | 18 +++++++++--------- usr/local/www/status_services.php | 12 ++++++++---- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc index 0e9009b..7b78f5f 100644 --- a/etc/inc/service-utils.inc +++ b/etc/inc/service-utils.inc @@ -515,7 +515,7 @@ function service_control_start($name, $extras) { services_radvd_configure(); break; case 'captiveportal': - $zone = $extras['zone']; + $zone = htmlspecialchars($extras['zone']); captiveportal_init_webgui_zonename($zone); break; case 'ntpd': @@ -550,9 +550,9 @@ function service_control_start($name, $extras) { vpn_ipsec_force_reload(); break; case 'openvpn': - $vpnmode = isset($extras['vpnmode']) ? $extras['vpnmode'] : $extras['mode']; + $vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']); if (($vpnmode == "server") || ($vpnmode == "client")) { - $id = isset($extras['vpnid']) ? $extras['vpnid'] : $extras['id']; + $id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']); $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf"; if (file_exists($configfile)) openvpn_restart_by_vpnid($vpnmode, $id); @@ -574,7 +574,7 @@ function service_control_stop($name, $extras) { killbypid("{$g['varrun_path']}/radvd.pid"); break; case 'captiveportal': - $zone = $extras['zone']; + $zone = htmlspecialchars($extras['zone']); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); break; @@ -618,9 +618,9 @@ function service_control_stop($name, $extras) { exec("killall -9 racoon"); break; case 'openvpn': - $vpnmode = $extras['vpnmode']; + $vpnmode = htmlspecialchars($extras['vpnmode']); if (($vpnmode == "server") or ($vpnmode == "client")) { - $id = $extras['id']; + $id = htmlspecialchars($extras['id']); $pidfile = "{$g['varrun_path']}/openvpn_{$vpnmode}{$id}.pid"; killbypid($pidfile); } @@ -641,7 +641,7 @@ function service_control_restart($name, $extras) { services_radvd_configure(); break; case 'captiveportal': - $zone = $extras['zone']; + $zone = htmlspecialchars($extras['zone']); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); captiveportal_init_webgui_zonename($zone); @@ -679,9 +679,9 @@ function service_control_restart($name, $extras) { vpn_ipsec_force_reload(); break; case 'openvpn': - $vpnmode = $extras['vpnmode']; + $vpnmode = htmlspecialchars($extras['vpnmode']); if ($vpnmode == "server" || $vpnmode == "client") { - $id = $extras['id']; + $id = htmlspecialchars($extras['id']); $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf"; if (file_exists($configfile)) openvpn_restart_by_vpnid($vpnmode, $id); diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php index 731b79b..61268d6 100755 --- a/usr/local/www/status_services.php +++ b/usr/local/www/status_services.php @@ -41,16 +41,20 @@ require_once("guiconfig.inc"); require_once("service-utils.inc"); require_once("shortcuts.inc"); -if (!empty($_GET['service'])) { +$service_name = ''; +if (isset($_GET['service'])) + $service_name = htmlspecialchars($_GET['service']); + +if (!empty($service_name)) { switch ($_GET['mode']) { case "restartservice": - $savemsg = service_control_restart($_GET['service'], $_GET); + $savemsg = service_control_restart($service_name, $_GET); break; case "startservice": - $savemsg = service_control_start($_GET['service'], $_GET); + $savemsg = service_control_start($service_name, $_GET); break; case "stopservice": - $savemsg = service_control_stop($_GET['service'], $_GET); + $savemsg = service_control_stop($service_name, $_GET); break; } sleep(5); -- cgit v1.1