diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-02-18 09:29:56 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-18 09:29:56 -0300 |
commit | 048bb82a0e2c814da90816657ecedf59fedf8dbd (patch) | |
tree | 05ff84180bb2195ffea63811caae43baa64ead14 /config/snort | |
parent | eb6f51ed37d78231ebded1792f333807d9559177 (diff) | |
download | pfsense-packages-048bb82a0e2c814da90816657ecedf59fedf8dbd.tar.gz pfsense-packages-048bb82a0e2c814da90816657ecedf59fedf8dbd.tar.bz2 pfsense-packages-048bb82a0e2c814da90816657ecedf59fedf8dbd.zip |
Fixes #3459. Avoid shell/XSS issues applying htmlspecialchars to input param logfile
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort_log_view.php | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php index babae205..beec1aa7 100644 --- a/config/snort/snort_log_view.php +++ b/config/snort/snort_log_view.php @@ -41,14 +41,15 @@ $contents = ''; // Read the contents of the argument passed to us. // Is it a fully qualified path and file? -if (file_exists($_GET['logfile'])) - if (substr(realpath($_GET['logfile']), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR) - $contents = gettext("\n\nERROR -- File: {$_GET['logfile']} can not be viewed!"); +$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401); +if (file_exists($logfile)) + if (substr(realpath($logfile), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR) + $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!"); else - $contents = file_get_contents($_GET['logfile']); + $contents = file_get_contents($logfile); // It is not something we can display, so print an error. else - $contents = gettext("\n\nERROR -- File: {$_GET['logfile']} not found!"); + $contents = gettext("\n\nERROR -- File: {$logfile} not found!"); $pgtitle = array(gettext("Snort"), gettext("Log File Viewer")); ?> @@ -72,7 +73,7 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer")); <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> <td align="right"> - <b><?php echo gettext("Log File: ") . '</b> ' . $_GET['logfile']; ?> + <b><?php echo gettext("Log File: ") . '</b> ' . $logfile; ?> </td> </tr> <tr> |