Strip < and > before converting to input safe code

author: Scott Ullrich <sullrich@pfsense.org> 2008-07-15 16:32:28 +0000
committer: Scott Ullrich <sullrich@pfsense.org> 2008-07-15 16:32:28 +0000
commit: ab49cedd898d7dafb93266a8526efdd0abb85230 (patch)
tree: 5673b5e33b90e0036167433ba4dbc68e41ca136d /packages
parent: dd7c36808d647b909fa33722601c4cb4140bb76b (diff)
download: pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.tar.gz
pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.tar.bz2
pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php
index 9105709a..ae934a70 100644
--- a/packages/spamd_db.php
+++ b/packages/spamd_db.php
@@ -50,14 +50,16 @@ if($_GET['action'] or $_POST['action']) {
 	if($_POST['action'])
 		$action = escapeshellarg($_POST['action']);
 	if($_GET['srcip'])
-		$srcip = escapeshellarg($_GET['srcip']);
+		$srcip = $_GET['srcip'];
 	if($_POST['srcip'])
-		$srcip = escapeshellarg($_POST['srcip']);
+		$srcip = $_POST['srcip'];
 	if($_POST['toaddress']) 
 		$toaddress = escapeshellarg($_POST['toaddress']);
 	$srcip = str_replace("<","",$srcip);
 	$srcip = str_replace(">","",$srcip);
 	$srcip = str_replace(" ","",$srcip);
+	// Make input safe
+	$srcip = escapeshellarg($srcip);
 	/* execute spamdb command */
 	if($action == "'whitelist'") {
 		if(!is_ipaddr($srcip)) {
author	Scott Ullrich <sullrich@pfsense.org>	2008-07-15 16:32:28 +0000
committer	Scott Ullrich <sullrich@pfsense.org>	2008-07-15 16:32:28 +0000
commit	ab49cedd898d7dafb93266a8526efdd0abb85230 (patch)
tree	5673b5e33b90e0036167433ba4dbc68e41ca136d /packages
parent	dd7c36808d647b909fa33722601c4cb4140bb76b (diff)
download	pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.tar.gz pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.tar.bz2 pfsense-packages-ab49cedd898d7dafb93266a8526efdd0abb85230.zip