From eb29a44aab5f163c97d41e5b4ecb5d89a083742d Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 12 May 2016 07:51:39 -0300 Subject: Add a safebelt to makesure $cpzone is always in lowercase. Ticket #6278
---
src/usr/local/captiveportal/index.php | 2 +- src/usr/local/www/services_captiveportal.php | 1 + src/usr/local/www/services_captiveportal_filemanager.php | 1 + src/usr/local/www/services_captiveportal_hostname.php | 1 + src/usr/local/www/services_captiveportal_hostname_edit.php | 2 ++ src/usr/local/www/services_captiveportal_ip.php | 1 + src/usr/local/www/services_captiveportal_ip_edit.php | 1 + src/usr/local/www/services_captiveportal_mac.php | 1 + src/usr/local/www/services_captiveportal_mac_edit.php | 1 + src/usr/local/www/services_captiveportal_vouchers.php | 1 + src/usr/local/www/services_captiveportal_vouchers_edit.php | 1 + src/usr/local/www/status_captiveportal.php | 2 +- src/usr/local/www/status_captiveportal_expire.php | 1 + src/usr/local/www/status_captiveportal_test.php | 1 + src/usr/local/www/status_captiveportal_voucher_rolls.php | 1 + src/usr/local/www/status_captiveportal_vouchers.php | 1 + src/usr/local/www/widgets/widgets/captive_portal_status.widget.php | 3 ++- 17 files changed, 19 insertions(+), 3 deletions(-) (limited to 'src')
diff --git a/src/usr/local/captiveportal/index.php b/src/usr/local/captiveportal/index.php
index 93c4e30..b1f693a 100644
--- a/src/usr/local/captiveportal/index.php
+++ b/src/usr/local/captiveportal/index.php
@@ -42,7 +42,7 @@ header("Connection: close");
 global $cpzone, $cpzoneid;
-$cpzone = $_REQUEST['zone'];
+$cpzone = strtolower($_REQUEST['zone']);
 $cpcfg = $config['captiveportal'][$cpzone];
 if (empty($cpcfg)) {
 log_error("Submission to captiveportal with unknown parameter zone: " . htmlspecialchars($cpzone));
diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php
index b42306e..3ca3fa8 100644
--- a/src/usr/local/www/services_captiveportal.php
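Review bot: In src/usr/local/captiveportal/index.php the new `strtolower($_REQUEST['zone'])` is applied to the raw request value with no check that the parameter exists or is a string, so a missing or array-valued `zone` reaches `strtolower()` before the `empty($cpcfg)` rejection can run. On the PHP of that era this produces a warning and a null key; on PHP 8 an array argument raises a TypeError instead of the intended "unknown parameter zone" log entry. I would normalise defensively with `$cpzone = (isset($_REQUEST['zone']) && is_string($_REQUEST['zone'])) ? strtolower($_REQUEST['zone']) : '';`, which still falls through to the existing rejection branch. This page is presumably reachable by portal clients before they authenticate, so the input-shape check matters more here than on the admin pages; the rest of the script lies outside the hunk.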
+++ b/src/usr/local/www/services_captiveportal.php
@@ -82,6 +82,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_filemanager.php b/src/usr/local/www/services_captiveportal_filemanager.php
index 39a839a..7e9737d 100644
--- a/src/usr/local/www/services_captiveportal_filemanager.php
+++ b/src/usr/local/www/services_captiveportal_filemanager.php
@@ -85,6 +85,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php
index 05b6fff..1834f03 100644
--- a/src/usr/local/www/services_captiveportal_hostname.php
+++ b/src/usr/local/www/services_captiveportal_hostname.php
@@ -77,6 +77,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_hostname_edit.php b/src/usr/local/www/services_captiveportal_hostname_edit.php
index 9ab00e5..1e623a0 100644
--- a/src/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/src/usr/local/www/services_captiveportal_hostname_edit.php
@@ -81,6 +81,8 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
+
 $cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
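Review bot: The added `$cpzone = strtolower($cpzone);` in services_captiveportal.php is the first of sixteen pasted copies of the same GET/POST zone lookup (the other services_captiveportal_*.php and status_captiveportal*.php pages and the dashboard widget), so the next page that reads `zone` can silently miss the normalisation this commit exists to enforce. A single helper in a shared include would keep the rule in one place and is also where a string-type check and a short comment explaining why zone keys must be lowercase (Ticket #6278) belong. The helper name below is a proposal, not an existing function, and the page scripts continue outside the hunks.

```php
// Proposed helper (name is illustrative): read the zone from POST, then GET,
// and return it lowercased; anything that is not a string becomes ''.
function cp_request_zone() {
	$zone = '';
	if (isset($_POST['zone'])) {
		$zone = $_POST['zone'];
	} elseif (isset($_GET['zone'])) {
		$zone = $_GET['zone'];
	}
	return is_string($zone) ? strtolower($zone) : '';
}

// … unchanged: page includes and privilege header …
$cpzone = cp_request_zone();
```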
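Review bot: The guard that follows the new line in services_captiveportal_filemanager.php tests only `empty($cpzone)`, while services_captiveportal.php also rejects a name with no entry in `$config['captiveportal']`, so a lowercased but unconfigured zone name passes the visible check here. The same shorter guard appears in status_captiveportal_expire.php, status_captiveportal_test.php, status_captiveportal_voucher_rolls.php and status_captiveportal_vouchers.php. Unless a later existence check sits outside these hunks, I would use `if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {` on all five, so that request-supplied text is only ever used as a zone name after it has matched a configured one.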
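Review bot: In services_captiveportal_hostname_edit.php the context line `$cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];` still runs before the `empty($cpzone) || empty($config['captiveportal'][$cpzone])` guard, so an unknown zone is dereferenced first and validated second. Since this hunk already touches the spot, moving the `$cpzoneid` assignment below the guard would make the order match the other edit pages. Whether the guard exits after its redirect is not visible in the hunk.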
diff --git a/src/usr/local/www/services_captiveportal_ip.php b/src/usr/local/www/services_captiveportal_ip.php
index c844347..b3f8198 100644
--- a/src/usr/local/www/services_captiveportal_ip.php
+++ b/src/usr/local/www/services_captiveportal_ip.php
@@ -76,6 +76,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_ip_edit.php b/src/usr/local/www/services_captiveportal_ip_edit.php
index 7b3930c..e32b82b 100644
--- a/src/usr/local/www/services_captiveportal_ip_edit.php
+++ b/src/usr/local/www/services_captiveportal_ip_edit.php
@@ -84,6 +84,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php
index d80600b..6376ccd 100644
--- a/src/usr/local/www/services_captiveportal_mac.php
+++ b/src/usr/local/www/services_captiveportal_mac.php
@@ -77,6 +77,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac_edit.php b/src/usr/local/www/services_captiveportal_mac_edit.php
index a838292..20ad744 100644
--- a/src/usr/local/www/services_captiveportal_mac_edit.php
+++ b/src/usr/local/www/services_captiveportal_mac_edit.php
@@ -87,6 +87,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php
index a82dcc8..237c527 100644
--- a/src/usr/local/www/services_captiveportal_vouchers.php
+++ b/src/usr/local/www/services_captiveportal_vouchers.php
@@ -77,6 +77,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if ($_REQUEST['generatekey']) {
 exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private");
diff --git a/src/usr/local/www/services_captiveportal_vouchers_edit.php b/src/usr/local/www/services_captiveportal_vouchers_edit.php
index 698d7e5..de96c32 100644
--- a/src/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/src/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -72,6 +72,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/status_captiveportal.php b/src/usr/local/www/status_captiveportal.php
index 36abe13..f1e0b94 100644
--- a/src/usr/local/www/status_captiveportal.php
+++ b/src/usr/local/www/status_captiveportal.php
@@ -73,7 +73,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-
+$cpzone = strtolower($cpzone);
 if (!is_array($config['captiveportal'])) {
 $config['captiveportal'] = array();
diff --git a/src/usr/local/www/status_captiveportal_expire.php b/src/usr/local/www/status_captiveportal_expire.php
index 7d7bc7c..ba57a93 100644
--- a/src/usr/local/www/status_captiveportal_expire.php
+++ b/src/usr/local/www/status_captiveportal_expire.php
@@ -72,6 +72,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/status_captiveportal_test.php b/src/usr/local/www/status_captiveportal_test.php
index 8d447cd..9fb614b 100644
--- a/src/usr/local/www/status_captiveportal_test.php
+++ b/src/usr/local/www/status_captiveportal_test.php
@@ -72,6 +72,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/status_captiveportal_voucher_rolls.php b/src/usr/local/www/status_captiveportal_voucher_rolls.php
index ca2b60d..d1c869d 100644
--- a/src/usr/local/www/status_captiveportal_voucher_rolls.php
+++ b/src/usr/local/www/status_captiveportal_voucher_rolls.php
@@ -72,6 +72,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/status_captiveportal_vouchers.php b/src/usr/local/www/status_captiveportal_vouchers.php
index 4a18d46..cf311d1 100644
--- a/src/usr/local/www/status_captiveportal_vouchers.php
+++ b/src/usr/local/www/status_captiveportal_vouchers.php
@@ -72,6 +72,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php
index dc322cb..f610cf0 100644
--- a/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php
+++ b/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php
@@ -74,6 +74,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
+$cpzone = strtolower($cpzone);
 if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) {
 $cpzoneid = $a_cp[$cpzone]['zoneid'];
@@ -155,4 +156,4 @@ if ($_GET['order']) { endforeach; ?> - \ No newline at end of file + -- cgit v1.1
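Review bot: In captive_portal_status.widget.php the `isset($cpzone) &&` term in the condition below the new line can no longer be false, because `$cpzone` now always holds the return value of `strtolower()`; `if (!empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) {` expresses the same test. The widget is presumably rendered on the dashboard with no `zone` parameter at all, in which case `strtolower()` receives null on every load; that yields an empty string on older PHP but is deprecated from PHP 8.1. Guarding the call with `is_string($cpzone)` avoids depending on that coercion.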