From 2092dc4865e008f703353be65f23e7389f527ab4 Mon Sep 17 00:00:00 2001
From: Renato Botelho <garga@FreeBSD.org>
Date: Wed, 18 Jun 2014 12:39:51 -0300
Subject: Do a basic validation on useaddr value

---
 config/openvpn-client-export/vpn_openvpn_export.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'config')

diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 8d002397..086c2a52 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -131,10 +131,14 @@ if (!empty($act)) {
 	else
 		$nokeys = false;
 
-	if (empty($_GET['useaddr'])) {
+	$useaddr = '';
+	if (isset($_GET['useaddr']) && !empty($_GET['useaddr']))
+		$useaddr = trim($_GET['useaddr']);
+
+	if (!(is_ipaddr($useaddr) || is_hostname($useaddr) ||
+	    in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname"))))
 		$input_errors[] = "You need to specify an IP or hostname.";
-	} else
-		$useaddr = $_GET['useaddr'];
+
 	$advancedoptions = $_GET['advancedoptions'];
 	$openvpnmanager = $_GET['openvpnmanager'];
 
-- 
cgit v1.2.3