authorScott Ullrich <sullrich@pfsense.org>2008-07-15 16:32:28 +0000
committerScott Ullrich <sullrich@pfsense.org>2008-07-15 16:32:28 +0000
commitab49cedd898d7dafb93266a8526efdd0abb85230 (patch)
tree5673b5e33b90e0036167433ba4dbc68e41ca136d
parentdd7c36808d647b909fa33722601c4cb4140bb76b (diff)
Strip < and > before converting to input safe code
-rw-r--r--packages/spamd_db.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php
index 9105709a..ae934a70 100644
--- a/packages/spamd_db.php
+++ b/packages/spamd_db.php
@@ -50,14 +50,16 @@ if($_GET['action'] or $_POST['action']) {
if($_POST['action'])
$action = escapeshellarg($_POST['action']);
if($_GET['srcip'])
- $srcip = escapeshellarg($_GET['srcip']);
+ $srcip = $_GET['srcip'];
if($_POST['srcip'])
- $srcip = escapeshellarg($_POST['srcip']);
+ $srcip = $_POST['srcip'];
if($_POST['toaddress'])
$toaddress = escapeshellarg($_POST['toaddress']);
$srcip = str_replace("<","",$srcip);
$srcip = str_replace(">","",$srcip);
$srcip = str_replace(" ","",$srcip);
+ // Make input safe
+ $srcip = escapeshellarg($srcip);
/* execute spamdb command */
if($action == "'whitelist'") {
if(!is_ipaddr($srcip)) {
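Review bot: `is_ipaddr($srcip)` on the last line of the hunk receives the value after `escapeshellarg()` has wrapped it in single quotes, so the address check runs on the quoted string rather than on the address the client sent. `is_ipaddr` is defined outside this page, but a strict validator would presumably reject every input in that form, just as `$action` has to be compared against `"'whitelist'"` with the quotes included. Validate first and quote last: run `if(!is_ipaddr($srcip))` on the stripped raw value, and apply `$srcip = escapeshellarg($srcip);` only where the spamdb command line is assembled. With that allowlist check in front, the three `str_replace` calls are no longer what the safety of the command depends on. The `if` body continues past the end of the hunk, so what happens on a failed check is not visible here.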