urlfilter.cgi: Fixes bugs 13887, 13888 & 13889

commit fc3f7f4a179b26b6ef255a3ab46b6fe6faf208c9
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 25 13:12:47 2025 +0200

    urlfilter.cgi: Fixes bugs 13887, 13888 & 13889

    Fixes: bug 13887 - urlfilter.cgi BE_NAME Command Injection
    Fixes: bug 13888 - urlfilter.cgi USERQUOTA QUOTA_USERS Stored Cross-Site Scripting
    Fixes: bug 13889 - urlfilter.cgi TIMECONSTRAINT SRC DST COMMENT Stored Cross-Site Scripting
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
2025-10-10 19:25:10 +00:00
parent 537587ae64
commit 27092cf180


@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2005-2010 IPFire Team #
# Copyright (C) 2005-2025 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -576,7 +576,7 @@ if (($uqsettings{'MODE'} eq 'USERQUOTA') && ($uqsettings{'ACTION'} eq $Lang::tr{
$_ = $uqsettings{'QUOTA_USERS'};
chomp; s/\n/|/g;
my $quota_users = $_;
my $quota_users = &Header::escape($_);
if ($uqsettings{'QUOTA_USERS'} =~ /\\/)
{
@@ -936,6 +936,11 @@ if (($besettings{'ACTION'} eq $Lang::tr{'urlfilter install blacklist'}) && ($bes
close FILE;
# XXX uses globbing
if(!($besettings{'BE_NAME'} =~ /^[a-zA-Z0-9-_]+$/))
{
$errormessage = 'Invalid blacklist name (use only alphanumeric characters plus hyphens or underscores)';
goto ERROR;
}
system("rm -f $dbdir/$besettings{'BE_NAME'}/*.db");
&General::system("/usr/bin/squidGuard", "-c", "$editdir/install.conf", "-C", "all");
# XXX uses globbing
@@ -2047,6 +2052,10 @@ foreach $line (@tclist)
if ($temp[7] eq 'on') { $time.=$Lang::tr{'urlfilter sun'}; } else { $time.='='; }
$time=$time.' &nbsp; '.$temp[8].':'.$temp[9].' to '.$temp[10].':'.$temp[11];
$temp[12] = &Header::escape($temp[12]);
$temp[13] = &Header::escape($temp[13]);
$temp[16] = &Header::escape($temp[16]);
print <<END
<td align='center'>$temp[0]</td>
<td align='center' nowrap>$time</td>