author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-03-07 15:53:08 -0500 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-03-07 15:53:08 -0500 |
commit | 62a833a2b268b4374bdba95b13c117470d380786 (patch) | |
tree | 3662994f26b7e207e401178f12c54a87ee9d7429 /config/suricata/suricata_rules_flowbits.php | |
parent | 08c5a4d7d40b0ce059daa832a231a95f46946c14 (diff) | |
Increase rigor of $_POST and $_GET parameter value validation.
Diffstat (limited to 'config/suricata/suricata_rules_flowbits.php')
-rw-r--r-- | config/suricata/suricata_rules_flowbits.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php
index 53019894..d5629fae 100644
--- a/config/suricata/suricata_rules_flowbits.php
+++ b/config/suricata/suricata_rules_flowbits.php
@@ -43,8 +43,8 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
 if (isset($_POST['id']))
 $id = $_POST['id'];
-elseif (isset($_GET['id']))
- $id = $_GET['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
 if (is_null($id)) {
 header("Location: /suricata/suricata_interfaces.php");
@@ -283,7 +283,6 @@ if ($savemsg)
 <td align="center" valign="middle">
 <input id="cancel" name="cancel" type="submit" class="formbtn" <?php echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" />
 </td>
 </tr>
 <?php endif; ?> |
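Review bot: The `$_POST['id']` branch at the top of the first hunk (`@@ -43,8 +43,8 @@`) still assigns the request value with no validation; only the `$_GET['id']` branch gained the `is_numericint()` check, so a POST request carries an arbitrary string into `$id`. The same guard should apply there: `if (isset($_POST['id']) && is_numericint($_POST['id']))` followed by `$id = $_POST['id'];`. On the new GET line, `htmlspecialchars()` is a no-op on a value that has already passed `is_numericint()`, and HTML escaping belongs where the value is written into markup rather than where it is read; a plain assignment or `(int)` cast states the intent more clearly. How `$id` is used after the `is_null($id)` redirect lies outside the hunk, so any remaining places that echo it or use it as an index into the rule array should be checked against the unvalidated POST path.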