From 1008f6fd833a9e8693f2b4dd8c605896c3dd3b08 Mon Sep 17 00:00:00 2001
From: doktornotor
Date: Fri, 3 Mar 2017 11:15:01 +0100
Subject: Sanitize linebreaks for textarea fields in packages on save (Bug #5306)
---
src/usr/local/www/pkg_edit.php | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'src/usr/local')
diff --git a/src/usr/local/www/pkg_edit.php b/src/usr/local/www/pkg_edit.php
index 559645b..f2603e5 100644
--- a/src/usr/local/www/pkg_edit.php
+++ b/src/usr/local/www/pkg_edit.php
@@ -33,6 +33,7 @@ require_once("functions.inc");
 require_once("filter.inc");
 require_once("shaper.inc");
 require_once("pkg-utils.inc");
+require_once("util.inc");
 /* dummy stubs needed by some code that was MFC'd */
 function pfSenseHeader($location) {
@@ -159,7 +160,6 @@ if ($_POST) {
 }
 }
- // donotsave is enabled. lets simply exit.
 if (empty($pkg['donotsave'])) {
 // store values in xml configuration file.
@@ -175,11 +175,24 @@ if ($_POST) {
 foreach ($_POST as $key => $value) {
 $matches = array();
 if (preg_match("/^{$rowhelperfield['fieldname']}(\d+)$/", $key, $matches)) {
- $pkgarr[$rowhelpername][$matches[1]][$rowhelperfield['fieldname']] = $value;
+ if ($rowhelperfield['type'] == "textarea") {
+ $pkgarr[$rowhelpername][$matches[1]][$rowhelperfield['fieldname']] = unixnewlines($value);
+ } else {
+ $pkgarr[$rowhelpername][$matches[1]][$rowhelperfield['fieldname']] = $value;
+ }
 }
 }
 }
 break;
+ case "textarea":
+ $fieldname = $fields['fieldname'];
+ $fieldvalue = unixnewlines(trim($_POST[$fieldname]));
+ if ($fields['encoding'] == 'base64') {
+ $fieldvalue = base64_encode($fieldvalue);
+ }
+ if ($fieldname) {
+ $pkgarr[$fieldname] = $fieldvalue;
+ }
 default:
 $fieldname = $fields['fieldname'];
 if ($fieldname == "interface_array") {
@@ -243,6 +256,7 @@ if ($_POST) {
 $get_from_post = true;
 }
 } elseif (!$input_errors) {
+ // donotsave is enabled. lets simply exit.
 exit;
 }
 }
--
cgit v1.1
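Review bot: The new `case "textarea":` block in the third hunk (`@@ -175,11 +175,24 @@`) ends without a `break;`, so control falls through into `default:`, whose body continues outside the hunk. If that body assigns `$pkgarr[$fieldname]` from `$_POST[$fieldname]` again (the visible lines re-read `$fieldname` and open a similar branch), the value normalised by `unixnewlines()` is overwritten with the raw one and the sanitisation never reaches the saved configuration for top-level textarea fields. Add `break;` after the closing `}` of `if ($fieldname) {`, or a `// FALLTHROUGH` comment if falling through is intended. Separately, `$_POST[$fieldname]` is read before the `if ($fieldname)` guard and without an `isset()` or `is_array()` check, so an absent or array-valued field reaches `trim()`; moving the read inside the guard and skipping non-string values would avoid that.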