diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2008-07-15 16:32:28 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2008-07-15 16:32:28 +0000 |
commit | ab49cedd898d7dafb93266a8526efdd0abb85230 (patch) | |
tree | 5673b5e33b90e0036167433ba4dbc68e41ca136d | |
parent | dd7c36808d647b909fa33722601c4cb4140bb76b (diff) | |
download | pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.tar.gz pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.tar.bz2 pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.zip |
Strip < and > before converting to input safe code
-rw-r--r-- | packages/spamd_db.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php index 9105709a..ae934a70 100644 --- a/packages/spamd_db.php +++ b/packages/spamd_db.php @@ -50,14 +50,16 @@ if($_GET['action'] or $_POST['action']) { if($_POST['action']) $action = escapeshellarg($_POST['action']); if($_GET['srcip']) - $srcip = escapeshellarg($_GET['srcip']); + $srcip = $_GET['srcip']; if($_POST['srcip']) - $srcip = escapeshellarg($_POST['srcip']); + $srcip = $_POST['srcip']; if($_POST['toaddress']) $toaddress = escapeshellarg($_POST['toaddress']); $srcip = str_replace("<","",$srcip); $srcip = str_replace(">","",$srcip); $srcip = str_replace(" ","",$srcip); + // Make input safe + $srcip = escapeshellarg($srcip); /* execute spamdb command */ if($action == "'whitelist'") { if(!is_ipaddr($srcip)) { |