From fa9f5ff99f1a09e7a944bd6eeaf64a50c86c9726 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 4 Oct 2012 08:55:56 -0400
Subject: Verify posted kernel type against a defined list of good values.
 Discovered-By: Yann CAM

---
 usr/local/www/system_firmware.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php
index 9e876c9..b4cb0d4 100755
--- a/usr/local/www/system_firmware.php
+++ b/usr/local/www/system_firmware.php
@@ -50,6 +50,13 @@ require_once("guiconfig.inc");
 
 $curcfg = $config['system']['firmware'];
 
+$kerneltypes = array(
+	'SMP' => gettext("Multiprocessor kernel"),
+	'single' => gettext("Uniprocessor kernel"),
+	'wrap' => gettext("Embedded kernel"),
+	'Developers' => gettext("Developers kernel")
+);
+
 require_once("xmlrpc_client.inc");
 
 /* Allow additional execution time 0 = no limit. */
@@ -111,7 +118,7 @@ if(is_subsystem_dirty('firmwarelock')) {
 	exit;
 }
 
-if($_POST['kerneltype']) {
+if($_POST['kerneltype'] && in_array($_POST['kerneltype'], array_keys($kerneltypes))) {
 	if($_POST['kerneltype'] == "single") 
 		system("touch /boot/kernel/pfsense_kernel.txt");
 	else 
@@ -275,10 +282,9 @@ if(stristr($_FILES['ulfile']['name'],"nanobsd"))
 						  			if($g['platform'] == "pfSense") { 
 										echo gettext("Please select kernel type") , ": ";
 										echo "<select name='kerneltype'>";
-										echo "<option value='SMP'>" . gettext("Multiprocessor kernel") . "</option>";
-										echo "<option value='single'>". gettext("Uniprocessor kernel") . "</option>";
-										echo "<option value='wrap'>" . gettext("Embedded kernel") . "</option>";
-										echo "<option value='Developers'>" . gettext("Developers kernel") . "</option>";
+										foreach($kerneltypes as $kerntype => $kerndescr) {
+											echo "<option value='{$kerntype}'>{$kerndescr}</option>";
+										}
 										echo "</select>";
 										echo "<br><br>";
 									}
-- 
cgit v1.1