From b0ae52134ebd4ce49a5bf41570efc3cf877adf0e Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Tue, 24 Dec 2013 16:25:57 +0000
Subject: Use intval here to not trust php and also use empty which gives more
 protections

---
 etc/inc/captiveportal.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 8950df3..a2cbc48 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -716,13 +716,13 @@ function captiveportal_prune_old() {
 				} else if ($cpcfg['reauthenticateacct'] == "interimupdate") {
 					$session_time = $pruning_time - $cpentry[0];
 					if (!empty($cpentry[10]) && $cpentry[10] > 60)
-						$interval = $cpentry[10];
+						$interval = intval($cpentry[10]);
 					else
 						$interval = 0;
 					$past_interval_min = ($session_time > $interval);
-					if ($interval != 0)
+					if (!empty($interval))
 						$within_interval = ($session_time % $interval >= 0 && $session_time % $interval <= 59);
-					if ($interval === 0 || ($interval > 0 && $past_interval_min && $within_interval)) {
+					if (empty($interval) || ($interval > 0 && $past_interval_min && $within_interval)) {
 						RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
 							$cpentry[4], // username
 							$cpentry[5], // sessionid
-- 
cgit v1.1