From dc6927bcc7d6a6817d6a52ab39098a6007421b94 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Tue, 29 Dec 2015 19:46:12 -0600
Subject: Add output validation here too. Ticket #5351

---
 src/usr/local/www/widgets/widgets/traffic_graphs.widget.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/usr/local/www/widgets')

diff --git a/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php b/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php
index 4d421ea..2360fc5 100644
--- a/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php
+++ b/src/usr/local/www/widgets/widgets/traffic_graphs.widget.php
@@ -86,7 +86,7 @@ if (ipsec_enabled()) {
 }
 
 if ($_POST) {
-	if (isset($_POST["refreshinterval"]) && is_numeric($_POST["refreshinterval"])) {
+	if (isset($_POST["refreshinterval"]) && is_numericint($_POST["refreshinterval"])) {
 		$a_config["refreshinterval"] = $_POST["refreshinterval"];
 	}
 
@@ -117,7 +117,7 @@ if ($first_time) {
 	$shown[$keys[0]] = true;
 }
 
-if (isset($a_config["refreshinterval"])) {
+if (isset($a_config["refreshinterval"]) && is_numericint($a_config["refreshinterval"])) {
 	$refreshinterval = $a_config["refreshinterval"];
 } else {
 	$refreshinterval = 10;
-- 
cgit v1.1