Skip to content

Commit

Permalink
Input validation and encoding of IGMP proxy addresses. Issue #9294
Browse files Browse the repository at this point in the history
jim-p committed Jan 29, 2019
1 parent 9389886 commit 261916e
Showing 2 changed files with 9 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/usr/local/www/services_igmpproxy.php
Original file line number Diff line number Diff line change
@@ -135,7 +135,7 @@
<td>
<?php
$addresses = implode(", ", array_slice(explode(" ", $igmpentry['address']), 0, 10));
print($addresses);
print(htmlspecialchars($addresses));

if (!is_array($igmpentry['address']) || count($igmpentry['address']) < 10) {
print(' ');
11 changes: 8 additions & 3 deletions src/usr/local/www/services_igmpproxy_edit.php
Original file line number Diff line number Diff line change
@@ -83,9 +83,14 @@
$address .= " ";
}

$address .= $_POST["address{$x}"];
$address .= "/" . $_POST["address_subnet{$x}"];
$isfirst++;
$this_addr = $_POST["address{$x}"] . "/" . $_POST["address_subnet{$x}"];
if (is_subnet($this_addr)) {
$address .= $this_addr;
$isfirst++;
} else {
$input_errors[] = sprintf(gettext("The following submitted address is invalid: %s"), $this_addr);
}

$x++;
}

0 comments on commit 261916e

Please sign in to comment.