Define a local boolean var for showact to avoid security issues; also pass the order parameter through htmlspecialchars()

This commit is contained in:
Renato Botelho 2014-11-18 12:03:21 -02:00
parent 8105ffa61c
commit f376043cf3
1 changed files with 12 additions and 10 deletions


@ -62,11 +62,13 @@ $a_cp =& $config['captiveportal'];
$cpdb_all = array();
$showact = isset($_GET['showact']) ? 1 : 0;
foreach ($a_cp as $cpzone => $cp) {
$cpdb = captiveportal_read_db();
foreach ($cpdb as $cpent) {
$cpent[10] = $cpzone;
if ($_GET['showact'])
if ($showact == 1)
$cpent[11] = captiveportal_get_last_activity($cpent[2]);
$cpdb_all[] = $cpent;
}
@ -90,12 +92,12 @@ if ($_GET['order']) {
?>
<table class="sortable" name="sortabletable" id="sortabletable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="captive portal status">
<tr>
<td class="listhdrr"><a href="?order=ip&amp;showact=<?=$_GET['showact'];?>">IP address</a></td>
<td class="listhdrr"><a href="?order=mac&amp;showact=<?=$_GET['showact'];?>">MAC address</a></td>
<td class="listhdrr"><a href="?order=user&amp;showact=<?=$_GET['showact'];?>"><?=gettext("Username");?></a></td>
<?php if ($_GET['showact']): ?>
<td class="listhdrr"><a href="?order=start&amp;showact=<?=$_GET['showact'];?>"><?=gettext("Session start");?></a></td>
<td class="listhdrr"><a href="?order=start&amp;showact=<?=$_GET['showact'];?>"><?=gettext("Last activity");?></a></td>
<td class="listhdrr"><a href="?order=ip&amp;showact=<?=$showact;?>">IP address</a></td>
<td class="listhdrr"><a href="?order=mac&amp;showact=<?=$showact;?>">MAC address</a></td>
<td class="listhdrr"><a href="?order=user&amp;showact=<?=$showact;?>"><?=gettext("Username");?></a></td>
<?php if ($showact == 1): ?>
<td class="listhdrr"><a href="?order=start&amp;showact=<?=$showact;?>"><?=gettext("Session start");?></a></td>
<td class="listhdrr"><a href="?order=start&amp;showact=<?=$showact;?>"><?=gettext("Last activity");?></a></td>
<?php endif; ?>
</tr>
<?php foreach ($cpdb_all as $cpent): ?>
@ -103,12 +105,12 @@ if ($_GET['order']) {
<td class="listlr"><?=$cpent[2];?></td>
<td class="listr"><?=$cpent[3];?>&nbsp;</td>
<td class="listr"><?=$cpent[4];?>&nbsp;</td>
<?php if ($_GET['showact']): ?>
<?php if ($showact == 1): ?>
<td class="listr"><?=htmlspecialchars(date("m/d/Y H:i:s", $cpent[0]));?></td>
<td class="listr"><?php if ($cpent[11] && ($cpent[11] > 0)) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[11]));?></td>
<?php endif; ?>
<td valign="middle" class="list nowrap">
<a href="?order=<?=$_GET['order'];?>&amp;showact=<?=$_GET['showact'];?>&amp;act=del&amp;zone=<?=$cpent[10];?>&amp;id=<?=$cpent[5];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="x" /></a></td>
<a href="?order=<?=htmlspecialchars($_GET['order']);?>&amp;showact=<?=$showact;?>&amp;act=del&amp;zone=<?=$cpent[10];?>&amp;id=<?=$cpent[5];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="x" /></a></td>
</tr>
<?php endforeach; ?>
</table>
</table>
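Review bot: The rewritten delete link on the last changed line still writes `$cpent[10]` (zone) and `$cpent[5]` (session id) into the href unescaped, and the cells just above it emit `$cpent[2]`, `$cpent[3]` and `$cpent[4]` raw; if `$cpent[4]` is the username a client supplied at login, that is stored content reaching an HTML context without escaping, so the same `htmlspecialchars()` treatment given to `order` belongs there too, e.g. `<td class="listr"><?=htmlspecialchars($cpent[4]);?>&nbsp;</td>` and `zone=<?=htmlspecialchars($cpent[10]);?>&amp;id=<?=htmlspecialchars($cpent[5]);?>`. Escaping `order` at output is sound, but the value is also read at `if ($_GET['order'])` outside this hunk and presumably drives the sort, so validating it against the four keys the headers actually emit (`ip`, `mac`, `user`, `start`) at that read site would be the stronger fix. The `$showact` change in the first hunk is fine as written: `isset()` yields a 0/1 int, so its remaining interpolations need no escaping.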