diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2008-07-15 16:20:18 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2008-07-15 16:20:18 +0000 |
| commit | cbea3ec0c905986ec237e0959278a1bc05cfc580 (patch) | |
| tree | fdcd589cfc678f5fe21b5ce253705fe5b16d0306 | |
| parent | 7e5409a199a75940c4c827636adfbf639110099d (diff) | |
| download | pfsense-packages-cbea3ec0c905986ec237e0959278a1bc05cfc580.tar.gz pfsense-packages-cbea3ec0c905986ec237e0959278a1bc05cfc580.tar.bz2 pfsense-packages-cbea3ec0c905986ec237e0959278a1bc05cfc580.zip | |
Add input validation for the whitelist ip address.
| -rw-r--r-- | packages/spamd_db.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php index 4b13a2b4..1e49c830 100644 --- a/packages/spamd_db.php +++ b/packages/spamd_db.php @@ -2,7 +2,8 @@ /* $Id$ */ /* spamd_db.php - Copyright (C) 2006 Scott Ullrich + part of the pfSense project + Copyright (C) 2006, 2007, 2008 Scott Ullrich All rights reserved. Redistribution and use in source and binary forms, with or without @@ -59,6 +60,10 @@ if($_GET['action'] or $_POST['action']) { $srcip = str_replace(" ","",$srcip); /* execute spamdb command */ if($action == "'whitelist'") { + if(!is_ipaddr($srcip)) { + echo "Invalid IP address entered. Please correct the entry and try again."; + return; + } exec("/usr/local/sbin/spamdb -d {$srcip}"); exec("/usr/local/sbin/spamdb -d \"{$srcip}\" -T"); exec("/usr/local/sbin/spamdb -d \"{$srcip}\" -t"); |