From e41ec5848f21015068255c1d61d01edf442e8e7e Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Wed, 12 Mar 2014 11:35:57 -0300 Subject: Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print --- usr/local/www/system_crlmanager.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'usr/local/www/system_crlmanager.php') diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 6390a9e..0e3f230 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -49,8 +49,9 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) @@ -388,7 +389,7 @@ function method_change() { " /> - + @@ -419,7 +420,7 @@ function method_change() {   " /> - + @@ -637,4 +638,4 @@ method_change(); - \ No newline at end of file + -- cgit v1.1