From 98bcf1f8b57478833f65e3309d0cc98ba4933c0a Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Sat, 6 Nov 2010 12:40:54 -0400
Subject: Fix misc input validation errors.  Move routed/* to same dir as pkg
 items

---
 usr/local/www/fbegin.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr/local/www/fbegin.inc')

diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 11598fa..eb1c0aa 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -124,7 +124,7 @@ $services_menu[] = array("IGMP proxy", "/services_igmpproxy.php");
 $services_menu[] = array("Load Balancer", "/load_balancer_pool.php");
 $services_menu[] = array("OLSR", "/pkg_edit.php?xml=olsrd.xml&id=0");
 $services_menu[] = array("PPPoE Server", "/vpn_pppoe.php");
-$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed/routed.xml&id=0");
+$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed.xml&id=0");
 $services_menu[] = array("SNMP", "/services_snmp.php");
 if(count($config['interfaces']) > 1) {
 	/* no use for UPnP in single-interface deployments
-- 
cgit v1.1


From 034f08e7dd102c09e60184220927e6c5cba9f10c Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Tue, 9 Nov 2010 11:38:27 -0500
Subject: Fix Misc XSS issues

---
 usr/local/www/fbegin.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr/local/www/fbegin.inc')

diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index eb1c0aa..12f8428 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -221,7 +221,7 @@ if(! $g['disablehelpmenu']) {
 
 /* NOTICE ACKNOWLEDGE CODE by Erik Kristensen */
 if ($_REQUEST['noticeaction'] == 'acknowledge') {
-	$notice_id = $_REQUEST['noticeid'];
+	$notice_id = htmlspecialchars($_REQUEST['noticeid']);
 	close_notice($notice_id);
 }
 /**********************************************/
-- 
cgit v1.1


From 190d5d5814add2cc1a85fa8f3db01f54243acb58 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 12 Nov 2010 11:28:40 -0500
Subject: Fix XSS in notices.

---
 usr/local/www/fbegin.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/fbegin.inc')

diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 12f8428..b720ca1 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -271,9 +271,9 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
 								$extraargs="&xml=" . $_POST['id'];
 							$notice_msgs = '<a href="?noticeaction=acknowledge&noticeid=all' . $extraargs . '">Acknowledge All</a> &nbsp;&nbsp;&nbsp;&nbsp;.:.&nbsp;&nbsp;&nbsp;&nbsp; ';
 							if ($value['url']) {
-								$notice_msgs .= $date.' - <a href="'.$url.'?'.$request_string.'&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']</a>';
+								$notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']</a>';
 							} else {
-								$notice_msgs .= $date.' - <a href="?'.$request_string.'&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>';
+								$notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>';
 							}
 							$notice_msgs .= " &nbsp;&nbsp;&nbsp;&nbsp;.:.&nbsp;&nbsp;&nbsp;&nbsp; ";
 						}
-- 
cgit v1.1


From 060d4c5ec0ab239a1535c014f48651996bb59f4b Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 12 Nov 2010 12:02:21 -0500
Subject: More notice XSS fixes.

---
 usr/local/www/fbegin.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'usr/local/www/fbegin.inc')

diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index b720ca1..0f8a795 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -262,13 +262,13 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
 							$noticemsg = str_replace("<br>", "", $noticemsg);
 							$extra_args = "";
 							if($_GET['xml']) 
-								$extraargs="&xml=" . $_GET['xml'];
+								$extraargs="&xml=" .  htmlspecialchars($_GET['xml']);
 							if($_POST['xml']) 
-								$extraargs="&xml=" . $_POST['xml'];
+								$extraargs="&xml=" .  htmlspecialchars($_POST['xml']);
 							if($_GET['id']) 
-								$extraargs="&xml=" . $_GET['id'];
+								$extraargs="&xml=" .  htmlspecialchars($_GET['id']);
 							if($_POST['id'])
-								$extraargs="&xml=" . $_POST['id'];
+								$extraargs="&xml=" .  htmlspecialchars($_POST['id']);
 							$notice_msgs = '<a href="?noticeaction=acknowledge&noticeid=all' . $extraargs . '">Acknowledge All</a> &nbsp;&nbsp;&nbsp;&nbsp;.:.&nbsp;&nbsp;&nbsp;&nbsp; ';
 							if ($value['url']) {
 								$notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']</a>';
-- 
cgit v1.1


From f01d8c4951c7319f0d06d43caa8b6ae35d2aa933 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 12 Nov 2010 12:15:14 -0500
Subject: One more potential XSS vector. Not sure how it would have text
 injected here, but better safe than sorry.

---
 usr/local/www/fbegin.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr/local/www/fbegin.inc')

diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 0f8a795..92d90fb 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -273,7 +273,7 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
 							if ($value['url']) {
 								$notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']</a>';
 							} else {
-								$notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>';
+								$notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '&noticeaction=acknowledge&noticeid='.$key.'">['.$value['id'].']'.htmlspecialchars($noticemsg).'</a>';
 							}
 							$notice_msgs .= " &nbsp;&nbsp;&nbsp;&nbsp;.:.&nbsp;&nbsp;&nbsp;&nbsp; ";
 						}
-- 
cgit v1.1