From ac90c9012453c7e81ff0d0b472a55b116866c56e Mon Sep 17 00:00:00 2001 From: jim-p Date: Sat, 17 Dec 2016 23:01:33 -0500 Subject: Fix up validation and encoding on Captive Portal status pages. Fixes #7019 --- src/usr/local/www/status_captiveportal.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'src/usr/local/www/status_captiveportal.php') diff --git a/src/usr/local/www/status_captiveportal.php b/src/usr/local/www/status_captiveportal.php index bf9b81b..5c88bc2 100644 --- a/src/usr/local/www/status_captiveportal.php +++ b/src/usr/local/www/status_captiveportal.php @@ -71,10 +71,15 @@ function clientcmp($a, $b) { return strcmp($a[$order], $b[$order]); } +$cp_status_orders = array('ip', 'mac', 'user', 'lastact', 'start'); if (!empty($cpzone)) { $cpdb = captiveportal_read_db(); if ($_GET['order']) { + /* If an invalid order was submitted, clear it. */ + if (!in_array($_GET['order'], $cp_status_orders)) { + unset($_GET['order']); + } if ($_GET['order'] == "ip") { $order = 2; } else if ($_GET['order'] == "mac") { @@ -92,7 +97,7 @@ if (!empty($cpzone)) { $pgtitle = array(gettext("Status"), gettext("Captive Portal")); if (!empty($cpzone)) { - $pgtitle[] = $a_cp[$cpzone]['zone']; + $pgtitle[] = htmlspecialchars($a_cp[$cpzone]['zone']); if (isset($config['voucher'][$cpzone]['enable'])) { $pgtitle[] = gettext("Active Users"); @@ -175,7 +180,7 @@ if (!empty($cpzone)): ?> foreach ($cpdb as $cpent): ?> - + $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); print htmlentities($mac); if (isset($mac_man[$mac_hi])) { - print "
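Review bot: After the new allowlist check unsets an invalid `$_GET['order']`, the existing `if ($_GET['order'] == "ip")` chain directly below still reads that key, so a rejected value now produces an undefined-index notice before falling through. Copying the validated value into a local first, e.g. `$req_order = in_array($_GET['order'], $cp_status_orders, true) ? $_GET['order'] : '';`, and testing `$req_order` in the chain avoids both the notice and the mutation of `$_GET`. The strict third argument to `in_array()` keeps the match to exact strings, so an array-valued `order[]=` parameter is rejected without relying on loose comparison. The list also duplicates the keys tested by the chain, most of which lies outside this hunk, so a comment such as `/* keep in sync with the order chain below */` would help.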
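Review bot: `htmlspecialchars()` is called with its default flags where the zone name is appended to `$pgtitle`, and the same applies to the `$mac_man[$mac_hi]` change further down. On PHP versions before 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped, so a value that ends up inside a single-quoted attribute would be incompletely encoded. `htmlspecialchars($a_cp[$cpzone]['zone'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` closes that gap. Encoding when `$pgtitle` is filled rather than when it is printed could also double-encode if the title renderer (not visible in this diff) escapes again, so a comment like `/* $pgtitle entries are stored HTML-encoded */` would record the convention. The line next to the vendor string uses `htmlentities($mac)`, so the page now mixes two encoders, and settling on one would make later audits simpler.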
{$mac_man[$mac_hi]}"; + print "
" . htmlspecialchars($mac_man[$mac_hi]) . ""; } } ?>   @@ -215,7 +220,7 @@ if (!empty($cpzone)): ?> endif; ?> - "> + ">