From 5cb08a96dec952ae6e1fd657e6940ea79af4f8d8 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Wed, 19 Mar 2014 17:24:00 -0400
Subject: Add new Log Mgmt tab link and improve parameter checking.

---
 config/suricata/suricata_list_view.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'config/suricata/suricata_list_view.php')

diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php
index 2ff121f2..b6616909 100644
--- a/config/suricata/suricata_list_view.php
+++ b/config/suricata/suricata_list_view.php
@@ -34,9 +34,11 @@ global $g, $config;
 
 $contents = '';
 
-$id = $_GET['id'];
-$wlist = $_GET['wlist'];
-$type = $_GET['type'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+	$id = htmlspecialchars($_GET['id']);
+
+$wlist = htmlspecialchars($_GET['wlist']);
+$type = htmlspecialchars($_GET['type']);
 
 if (isset($id) && isset($wlist)) {
 	$a_rule = $config['installedpackages']['suricata']['rule'][$id];
@@ -86,7 +88,7 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer"));
 		<tr>
 			<td colspan="2" valign="top" class="label">
 			<div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
-			<textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea>
+			<textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea>
 			</div>
 			</td>
 		</tr>
-- 
cgit v1.2.3