Do a basic validation on useaddr value

author: Renato Botelho <garga@FreeBSD.org> 2014-06-18 12:39:51 -0300
committer: Renato Botelho <garga@FreeBSD.org> 2014-06-18 12:39:51 -0300
commit: 2092dc4865e008f703353be65f23e7389f527ab4 (patch)
tree: 523923c890cda247ed0570ac6aae47e72f65d185
parent: 8086fa63e624dfbe32bd6bfcd03a77d5d701117e (diff)
download: pfsense-packages-2092dc4865e008f703353be65f23e7389f527ab4.tar.gz
pfsense-packages-2092dc4865e008f703353be65f23e7389f527ab4.tar.bz2
pfsense-packages-2092dc4865e008f703353be65f23e7389f527ab4.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 8d002397..086c2a52 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -131,10 +131,14 @@ if (!empty($act)) {
 	else
 		$nokeys = false;
 
-	if (empty($_GET['useaddr'])) {
+	$useaddr = '';
+	if (isset($_GET['useaddr']) && !empty($_GET['useaddr']))
+		$useaddr = trim($_GET['useaddr']);
+
+	if (!(is_ipaddr($useaddr) || is_hostname($useaddr) ||
+	    in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname"))))
 		$input_errors[] = "You need to specify an IP or hostname.";
-	} else
-		$useaddr = $_GET['useaddr'];
+
 	$advancedoptions = $_GET['advancedoptions'];
 	$openvpnmanager = $_GET['openvpnmanager'];
author	Renato Botelho <garga@FreeBSD.org>	2014-06-18 12:39:51 -0300
committer	Renato Botelho <garga@FreeBSD.org>	2014-06-18 12:39:51 -0300
commit	2092dc4865e008f703353be65f23e7389f527ab4 (patch)
tree	523923c890cda247ed0570ac6aae47e72f65d185
parent	8086fa63e624dfbe32bd6bfcd03a77d5d701117e (diff)
download	pfsense-packages-2092dc4865e008f703353be65f23e7389f527ab4.tar.gz pfsense-packages-2092dc4865e008f703353be65f23e7389f527ab4.tar.bz2 pfsense-packages-2092dc4865e008f703353be65f23e7389f527ab4.zip