From 98bcf1f8b57478833f65e3309d0cc98ba4933c0a Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Sat, 6 Nov 2010 12:40:54 -0400
Subject: Fix misc input validation errors. Move routed/* to same dir as pkg items
---
 usr/local/www/fbegin.inc | 2 +-
 usr/local/www/pkg.php | 6 +++++-
 usr/local/www/pkg_edit.php | 6 ++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
(limited to 'usr/local/www')
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 11598fa..eb1c0aa 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -124,7 +124,7 @@ $services_menu[] = array("IGMP proxy", "/services_igmpproxy.php");
 $services_menu[] = array("Load Balancer", "/load_balancer_pool.php");
 $services_menu[] = array("OLSR", "/pkg_edit.php?xml=olsrd.xml&id=0");
 $services_menu[] = array("PPPoE Server", "/vpn_pppoe.php");
-$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed/routed.xml&id=0");
+$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed.xml&id=0");
 $services_menu[] = array("SNMP", "/services_snmp.php");
 if(count($config['interfaces']) > 1) {
 /* no use for UPnP in single-interface deployments
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index e77f38a..5e4a65f 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -45,7 +45,7 @@ function gentitle_pkg($pgname) {
 return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;
 }
-$xml = htmlspecialchars($_REQUEST['xml']);
+$xml = $_REQUEST['xml'];
 if($xml == "") {
 print_info_box_np(gettext("ERROR: No package defined."));
@@ -53,6 +53,10 @@ if($xml == "") {
 } else {
 if(file_exists("/usr/local/pkg/" . $xml))
 $pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
+ else {
+ echo "File not found " . htmlspecialchars($xml);
+ exit;
+ }
 }
 if($pkg['donotsave'] <> "") {
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index f9cac9d..1f2b7d4 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
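Review bot: In pkg.php the request value is concatenated into the path as `"/usr/local/pkg/" . $xml` (second hunk) with no check that it stays inside that directory, and the first hunk now assigns `$_REQUEST['xml']` to `$xml` unmodified. A value containing `../` would reach `file_exists()` and `parse_xml_config_pkg()` as is; since the commit moves the routed package file into the same directory, a plain file name looks like the intended form, so a guard such as `if (!is_string($xml) || basename($xml) !== $xml) { echo "File not found"; exit; }` could sit before the `file_exists()` call. With `htmlspecialchars()` removed from the assignment, any later output of `$xml` outside these hunks needs escaping at the point of output, as the new `echo` already does. The script continues outside both hunks, so an existing check elsewhere cannot be ruled out from here.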
@@ -83,6 +83,12 @@ $pgtitle = $title;
 $id = $_GET['id'];
 if (isset($_POST['id']))
 $id = htmlspecialchars($_POST['id']);
+
+if(!is_numeric($id)) {
+ Header("Location: /");
+ exit;
+}
+
 // Not posting? Then user is editing a record. There must be a valid id
 // when editing a record.
-- 
cgit v1.1
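Review bot: `is_numeric($id)` in the added guard accepts more than a record index: negative numbers, decimals and exponent notation such as `1e3` all pass, and the value is still a string afterwards. If `$id` is used as an array index further down (not visible in this hunk), a stricter test like `if (!is_string($id) || !ctype_digit($id)) {` limits it to non-negative integers and makes the `htmlspecialchars()` on the POST value unnecessary. The guard also sits above the "Not posting?" comment, so a request that carries no `id` at all is redirected before whatever default that later code applies; worth confirming this is intended. The script continues outside the hunk.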