From e41ec5848f21015068255c1d61d01edf442e8e7e Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Wed, 12 Mar 2014 11:35:57 -0300 Subject: Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print --- usr/local/www/firewall_rules_edit.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'usr/local/www/firewall_rules_edit.php') diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 47bee3b..769c540 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -81,18 +81,19 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -$id = $_GET['id']; -if (is_numeric($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { @@ -203,7 +204,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; $pconfig['tracker'] = $a_filter[$id]['tracker']; @@ -219,7 +220,7 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); read_altq_config(); /* XXX: */ -- cgit v1.1