From e41ec5848f21015068255c1d61d01edf442e8e7e Mon Sep 17 00:00:00 2001
From: Renato Botelho <garga@FreeBSD.org>
Date: Wed, 12 Mar 2014 11:35:57 -0300
Subject: Improve checks for params 'id', 'dup' and other similar ones to make
 sure they are numeric integer, also, pass them through htmlspecialchars()
 before print

---
 usr/local/www/system_authservers.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'usr/local/www/system_authservers.php')

diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index cbf5ebd..6b5c502 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -44,8 +44,9 @@ require_once("auth.inc");
 $pgtitle = array(gettext("System"), gettext("Authentication Servers"));
 $shortcut_section = "authentication";
 
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+	$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
 	$id = $_POST['id'];
 
 if (!is_array($config['system']['authserver']))
@@ -788,7 +789,7 @@ function select_clicked() {
 							<td width="78%">
 								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
 								<?php if (isset($id) && $a_server[$id]): ?>
-								<input name="id" type="hidden" value="<?=$id;?>" />
+								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
 								<?php endif;?>
 							</td>
 						</tr>
-- 
cgit v1.1