Diffstat (limited to 'config')
-rwxr-xr-x | config/snort/snort.xml | 2 | ||||
-rw-r--r-- | config/snort/snort_ip_list_mgmt.php | 6 | ||||
-rw-r--r-- | config/spamd/spamd.xml | 2 | ||||
-rw-r--r-- | config/spamd/spamd_db.php | 32 |
4 files changed, 21 insertions, 21 deletions
diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 18e6ef20..612fbaa8 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -45,7 +45,7 @@ </copyright> <description>Snort IDS/IPS Package</description> <name>Snort</name> - <version>3.2.8</version> + <version>3.2.8.1</version> <title>Services: Snort IDS</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php index 20d486c6..1ff25bd5 100644 --- a/config/snort/snort_ip_list_mgmt.php +++ b/config/snort/snort_ip_list_mgmt.php @@ -208,15 +208,15 @@ if ($savemsg) </thead> <?php foreach ($ipfiles as $file): ?> <tr> - <td class="listr"><?php echo gettext($file); ?></td> + <td class="listr"><?php echo htmlspecialchars(gettext($file)); ?></td> <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td> <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td> <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]" - onClick="document.getElementById('iplist_fname').value='<?=$file;?>';" + onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>';" src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/> <input type="image" name="iplist_delete[]" id="iplist_delete[]" - onClick="document.getElementById('iplist_fname').value='<?=$file;?>'; + onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>'; return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td> diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml index de03d224..5accb790 100644 
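Review bot: `addslashes($file)` in the two `onClick` attributes of snort_ip_list_mgmt.php escapes for a JavaScript string only, not for the HTML attribute that contains it, so a file name holding a double quote still ends the attribute before the script is parsed. The value needs both encodings, JavaScript first and HTML second, for example `value=<?=htmlspecialchars(json_encode($file), ENT_QUOTES);?>;` (json_encode supplies the surrounding quotes). The first changed line, `htmlspecialchars(gettext($file))`, is adequate for element content, though passing `ENT_QUOTES` explicitly would keep the behaviour the same across PHP versions. The `foreach` over `$ipfiles` starts and ends outside the hunk, so whether uploaded file names are restricted elsewhere cannot be seen here.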
--- a/config/spamd/spamd.xml +++ b/config/spamd/spamd.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>spamdsources</name> - <version>1.1.5</version> + <version>1.1.5.1</version> <title>SpamD: External Sources</title> <include_file>/usr/local/pkg/spamd.inc</include_file> <backup_file>/var/db/spamd</backup_file> diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php index 90215e6f..d544ce16 100644 --- a/config/spamd/spamd_db.php +++ b/config/spamd/spamd_db.php @@ -51,11 +51,11 @@ if ($_POST['spamtrapemail']) { if ($spamtrapemail) { $spamtrapemailarg = escapeshellarg($spamtrapemail); } - + /* handle AJAX operations */ if ($_GET['action'] or $_POST['action']) { /* echo back buttonid so it can be turned back off when request is completed. */ - echo $_GET['buttonid'] . "|"; + echo htmlspecialchars($_GET['buttonid']) . "|"; if ($_GET['action']) { $action = $_GET['action']; } @@ -87,7 +87,7 @@ if ($_GET['action'] or $_POST['action']) { exec("/usr/local/sbin/spamdb -d {$srcip} -t"); delete_from_blacklist($srcip); mwexec("/sbin/pfctl -q -t spamd -T delete $srcip"); - mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt"); + mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt"); } elseif ($action == "trapped") { exec("/usr/local/sbin/spamdb -d {$srcip}"); exec("/usr/local/sbin/spamdb -d {$srcip}"); @@ -113,8 +113,8 @@ if ($_GET['getstatus'] != "") { } elseif (stristr($status, "SPAMTRAP") == true) { echo "SPAMTRAP"; } else { - echo "NOT FOUND"; - } + echo "NOT FOUND"; + } exit; } @@ -180,7 +180,7 @@ if (file_exists("/var/db/whitelist.txt")) { } else { $whitelist_items = 0; } - + if (file_exists("/var/db/blacklist.txt")) { $blacklist_items = shell_exec("/bin/cat /var/db/blacklist.txt | /usr/bin/wc -l"); } else { 
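Review bot: `htmlspecialchars($_GET['buttonid'])` in spamd_db.php only HTML-encodes the echoed value; since the comment describes it as a button id handed back to the client, constraining it to id characters is more robust, for example `$buttonid = preg_replace('/[^A-Za-z0-9_-]/', '', (string)$_GET['buttonid']);` before the echo, which also keeps a stray `|` out of the delimiter-separated reply. The value is read from `$_GET` even when the action arrived by POST, so an `isset()` guard would avoid a notice in that case. Not addressed by this commit, and visible only as context in the later hunks of this file: `$srcip` and `$limit` are interpolated into `exec()`/`mwexec()` command strings, and `escapeshellarg($filter)` is wrapped in an extra pair of double quotes in the blacklist `grep -v` command, which undoes the single-quoting it provides. Where `$srcip` and `$limit` are validated lies outside the hunks, and the AJAX `if` block itself continues past this one.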
@@ -335,9 +335,9 @@ function formatspamddatetime($dt) { $cmd = "/bin/cat /var/db/blacklist.txt | /usr/bin/grep -v \"" . escapeshellarg($filter) . "\" "; exec($cmd, $pkgdba); foreach($pkgdba as $pkg) { - $pkgdb[] = "TRAPPED|{$pkg}|1149324397"; - } - } + $pkgdb[] = "TRAPPED|{$pkg}|1149324397"; + } + } } else { $cmd = "/usr/local/sbin/spamdb | /usr/bin/grep " . escapeshellarg($filter) . " | /usr/bin/tail -n {$limit}"; exec($cmd, $pkgdb); @@ -390,8 +390,8 @@ function formatspamddatetime($dt) { $first = ""; $pass = ""; $expire = ""; - $attempts = htmlentities($pkgdb_split[8]); - break; + $attempts = htmlentities($pkgdb_split[8]); + break; case "TRAPPED": $recordtype = htmlentities($pkgdb_split[0]); $srcip = htmlentities($pkgdb_split[1]); @@ -410,7 +410,7 @@ function formatspamddatetime($dt) { $first = formatspamddatetime($pkgdb_split[5]); $pass = formatspamddatetime($pkgdb_split[6]); $expire = formatspamddatetime($pkgdb_split[7]); - $attempts = htmlentities($pkgdb_split[8]); + $attempts = htmlentities($pkgdb_split[8]); break; case "WHITE": $recordtype = htmlentities($pkgdb_split[0]); @@ -420,16 +420,16 @@ function formatspamddatetime($dt) { $first = formatspamddatetime($pkgdb_split[4]); $pass = formatspamddatetime($pkgdb_split[5]); $expire = formatspamddatetime($pkgdb_split[6]); - $attempts = htmlentities($pkgdb_split[8]); + $attempts = htmlentities($pkgdb_split[8]); break; } if ($srcip == "" and $fromaddress == "" and $toaddress == "") { continue; } echo "<tr id=\"{$rows}\">"; - echo "<td class=\"listr\">{$recordtype}</td>"; + echo "<td class=\"listr\">{$recordtype}</td>"; echo "<td class=\"listr\">{$srcip}</td>"; - echo "<td class=\"listr\">{$fromaddress}</td>"; + echo "<td class=\"listr\">{$fromaddress}</td>"; echo "<td class=\"listr\">{$toaddress}</td>"; echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . $first . "</span></td>"; echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . $pass . "</span></td>"; 
@@ -468,7 +468,7 @@ function formatspamddatetime($dt) { <?php echo "{$whitelist_items} total items in the whitelist.<br />"; echo "{$blacklist_items} total items in the blacklist.<br />"; - echo "{$spamdb_grey} total items in the greylist.<br />"; + echo "{$spamdb_grey} total items in the greylist.<br />"; echo "{$spamdb_items} total items in the SpamDB.<br />"; ?> </font> |