From 43180e9c49b913b5c6361822d839d51074890c20 Mon Sep 17 00:00:00 2001
From: Chris Buechler
Date: Wed, 2 Dec 2015 18:22:55 -0600
Subject: Sanitize the session_id/logout_id in captive portal.
---
 usr/local/captiveportal/index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'usr')
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index a8b3842..eaaf920 100644
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -137,7 +137,9 @@ setTimeout('window.close();',5000) ;
 EOD;
- captiveportal_disconnect_client($_POST['logout_id']);
+
+ $safe_logout_id = SQLite3::escapeString($_POST['logout_id']);
+ captiveportal_disconnect_client($safe_logout_id);
 } else if ($macfilter && $clientmac && captiveportal_blocked_mac($clientmac)) {
 captiveportal_logportalauth($clientmac,$clientmac,$clientip,"Blocked MAC address");
--
cgit v1.1
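Review bot: Escaping `$_POST['logout_id']` with `SQLite3::escapeString` at the call site only protects a query that places the value inside a single-quoted SQL string literal, and nothing in this hunk shows how `captiveportal_disconnect_client` uses it (its body is outside the hunk, as is the enclosing `if`/`else if` chain). If that function builds its lookup by string concatenation, the durable fix belongs there: bind the id as a parameter, e.g. `$stmt->bindValue(':sessionid', $sessionid, SQLITE3_TEXT);` (names illustrative), so every caller is covered rather than this one request path. At this boundary the value should also be type-checked before use, for example `if (!is_string($_POST['logout_id'])) { /* reject the request */ }`, because an array-valued `logout_id[]` would reach `escapeString` as a non-string. An allowlist on the expected id format (not visible on this page) would be stricter than escaping, and it avoids passing a modified id to any non-SQL use inside the callee.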