Define a local boolean var for showact to avoid security issues, also pass order parameter through htmlspecialchars()
This commit is contained in:
parent
8105ffa61c
commit
f376043cf3
|
@ -62,11 +62,13 @@ $a_cp =& $config['captiveportal'];
|
|||
|
||||
$cpdb_all = array();
|
||||
|
||||
$showact = isset($_GET['showact']) ? 1 : 0;
|
||||
|
||||
foreach ($a_cp as $cpzone => $cp) {
|
||||
$cpdb = captiveportal_read_db();
|
||||
foreach ($cpdb as $cpent) {
|
||||
$cpent[10] = $cpzone;
|
||||
if ($_GET['showact'])
|
||||
if ($showact == 1)
|
||||
$cpent[11] = captiveportal_get_last_activity($cpent[2]);
|
||||
$cpdb_all[] = $cpent;
|
||||
}
|
||||
|
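Review bot: The `isset()` test in `$showact = isset($_GET['showact']) ? 1 : 0;` turns any present value into 1, including the `showact=0` that the new header and delete links now emit when activity display is off (see the `&showact=<?=$showact;?>` links in the second and third hunks), so following a sort or disconnect link while showact is off switches it on; the replaced `if ($_GET['showact'])` only treated a truthy value as on. Keeping the same truthiness semantics with `$showact = !empty($_GET['showact']) ? 1 : 0;` (or comparing against the literal `'1'`) makes the on/off state survive the round trip through the generated URLs. A one-line comment such as `// normalise the untrusted showact query flag to 0/1 once; only this value is echoed back into links` would also record why the local variable exists. The inner `foreach ($cpdb as $cpent)` closes at the `}` in the hunk, but the outer `foreach ($a_cp as $cpzone => $cp)` closes outside it.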
@ -90,12 +92,12 @@ if ($_GET['order']) {
|
|||
?>
|
||||
<table class="sortable" name="sortabletable" id="sortabletable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="captive portal status">
|
||||
<tr>
|
||||
<td class="listhdrr"><a href="?order=ip&showact=<?=$_GET['showact'];?>">IP address</a></td>
|
||||
<td class="listhdrr"><a href="?order=mac&showact=<?=$_GET['showact'];?>">MAC address</a></td>
|
||||
<td class="listhdrr"><a href="?order=user&showact=<?=$_GET['showact'];?>"><?=gettext("Username");?></a></td>
|
||||
<?php if ($_GET['showact']): ?>
|
||||
<td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>"><?=gettext("Session start");?></a></td>
|
||||
<td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>"><?=gettext("Last activity");?></a></td>
|
||||
<td class="listhdrr"><a href="?order=ip&showact=<?=$showact;?>">IP address</a></td>
|
||||
<td class="listhdrr"><a href="?order=mac&showact=<?=$showact;?>">MAC address</a></td>
|
||||
<td class="listhdrr"><a href="?order=user&showact=<?=$showact;?>"><?=gettext("Username");?></a></td>
|
||||
<?php if ($showact == 1): ?>
|
||||
<td class="listhdrr"><a href="?order=start&showact=<?=$showact;?>"><?=gettext("Session start");?></a></td>
|
||||
<td class="listhdrr"><a href="?order=start&showact=<?=$showact;?>"><?=gettext("Last activity");?></a></td>
|
||||
<?php endif; ?>
|
||||
</tr>
|
||||
<?php foreach ($cpdb_all as $cpent): ?>
|
||||
|
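Review bot: The rewritten header links put a bare `&` between query parameters inside an HTML attribute (`href="?order=ip&showact=<?=$showact;?>"`); the correct attribute encoding is `&amp;`, e.g. `href="?order=ip&amp;showact=<?=$showact;?>"`, and the same applies to the delete link in the third hunk. Browsers tolerate the bare form, so this is a validity and consistency point rather than a functional defect. Separately, the new "Last activity" header still links to `order=start`, the same key as "Session start"; that is carried over from the removed line, so it is presumably a pre-existing oversight rather than something this commit introduced — worth confirming against the `order` handling in the sort block, which lies outside the hunk.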
@ -103,12 +105,12 @@ if ($_GET['order']) {
|
|||
<td class="listlr"><?=$cpent[2];?></td>
|
||||
<td class="listr"><?=$cpent[3];?> </td>
|
||||
<td class="listr"><?=$cpent[4];?> </td>
|
||||
<?php if ($_GET['showact']): ?>
|
||||
<?php if ($showact == 1): ?>
|
||||
<td class="listr"><?=htmlspecialchars(date("m/d/Y H:i:s", $cpent[0]));?></td>
|
||||
<td class="listr"><?php if ($cpent[11] && ($cpent[11] > 0)) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[11]));?></td>
|
||||
<?php endif; ?>
|
||||
<td valign="middle" class="list nowrap">
|
||||
<a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&zone=<?=$cpent[10];?>&id=<?=$cpent[5];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="x" /></a></td>
|
||||
<a href="?order=<?=htmlspecialchars($_GET['order']);?>&showact=<?=$showact;?>&act=del&zone=<?=$cpent[10];?>&id=<?=$cpent[5];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="x" /></a></td>
|
||||
</tr>
|
||||
<?php endforeach; ?>
|
||||
</table>
|
||||
</table>
|
||||
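Review bot: The new delete link escapes `$_GET['order']` but places `$cpent[10]` and `$cpent[5]` into the same `href` attribute unescaped, so the attribute is only as safe as those two values; the zone name comes from the config and the id from the captive portal database, which are presumably not user-supplied, but escaping every interpolated value keeps the line correct regardless of where those fields originate. `htmlspecialchars($_GET['order'])` also still raises an undefined-index notice when no `order` parameter is present, as on the initial page load; `htmlspecialchars(isset($_GET['order']) ? $_GET['order'] : '')` avoids that without changing the output. The username cell `<?=$cpent[4];?>` a few lines above is context rather than new code, but since that value originates from the portal login form it is the one raw echo on this page most worth escaping in a follow-up. The enclosing `foreach ($cpdb_all as $cpent)` template loop opens in the previous hunk.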
|
|