aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-02-18 09:29:56 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-02-18 09:29:56 -0300
commit048bb82a0e2c814da90816657ecedf59fedf8dbd (patch)
tree05ff84180bb2195ffea63811caae43baa64ead14 /config/snort
parenteb6f51ed37d78231ebded1792f333807d9559177 (diff)
downloadpfsense-packages-048bb82a0e2c814da90816657ecedf59fedf8dbd.tar.gz
pfsense-packages-048bb82a0e2c814da90816657ecedf59fedf8dbd.tar.bz2
pfsense-packages-048bb82a0e2c814da90816657ecedf59fedf8dbd.zip
Fixes #3459. Avoid shell/XSS issues applying htmlspecialchars to input param logfile
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort_log_view.php13
1 files changed, 7 insertions, 6 deletions
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php
index babae205..beec1aa7 100644
--- a/config/snort/snort_log_view.php
+++ b/config/snort/snort_log_view.php
@@ -41,14 +41,15 @@ $contents = '';
// Read the contents of the argument passed to us.
// Is it a fully qualified path and file?
-if (file_exists($_GET['logfile']))
- if (substr(realpath($_GET['logfile']), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$_GET['logfile']} can not be viewed!");
+$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401);
+if (file_exists($logfile))
+ if (substr(realpath($logfile), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
+ $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!");
else
- $contents = file_get_contents($_GET['logfile']);
+ $contents = file_get_contents($logfile);
// It is not something we can display, so print an error.
else
- $contents = gettext("\n\nERROR -- File: {$_GET['logfile']} not found!");
+ $contents = gettext("\n\nERROR -- File: {$logfile} not found!");
$pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
?>
@@ -72,7 +73,7 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext("Log File: ") . '</b>&nbsp;' . $_GET['logfile']; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext("Log File: ") . '</b>&nbsp;' . $logfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>