From ef2a753c7566a17da87c93de0d933259f89c87d8 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 3 Dec 2007 20:33:46 +0000 Subject: * Run through all posted values and encode them to a temporary variable. IF the contents differ then the operator is doing something bad. Simply reject the item with invalid character error and let them fix their XSS exploit attempt, etc. --- usr/local/www/firewall_nat_edit.php | 9 +++++++++ usr/local/www/firewall_rules_edit.php | 9 +++++++++ 2 files changed, 18 insertions(+) (limited to 'usr/local') diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index c840029..6e111d8 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -77,6 +77,15 @@ if($id) { if (isset($_GET['dup'])) unset($id); +/* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ +foreach($_POST as $post) { + $newpost = mb_convert_encoding($post,"HTML-ENTITIES","auto"); + if($newpost <> $post) + $input_errors[] = "Invalid characters detected. Please remove invalid characters and save again."; +} + if ($_POST) { if ($_POST['beginport_cust'] && !$_POST['beginport']) diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 15b0eda..cd427d4 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -188,6 +188,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + /* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ + foreach($_POST as $post) { + $newpost = mb_convert_encoding($post,"HTML-ENTITIES","auto"); + if($newpost <> $post) + $input_errors[] = "Invalid characters detected. Please remove invalid characters and save again."; + } + /* input validation */ $reqdfields = explode(" ", "type interface proto src dst"); $reqdfieldsn = explode(",", "Type,Interface,Protocol,Source,Destination"); -- cgit v1.1