diff --git a/html/ajax_dash.php b/html/ajax_dash.php
index 83d8e6a77a..aecbf0f2c8 100644
--- a/html/ajax_dash.php
+++ b/html/ajax_dash.php
@@ -36,7 +36,7 @@ if ($type == 'placeholder') {
$results_limit = 10;
$typeahead_limit = $config['webui']['global_search_result_limit'];
$no_form = true;
- $title = ucfirst($type);
+ $title = ucfirst(display($type));
$unique_id = str_replace(array("-","."), "_", uniqid($type, true));
$widget_id = mres($_POST['id']);
$widget_settings = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?', array($widget_id)), true);
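Review bot: The widget lookup on the last line of this hunk filters only by `user_widget_id`, so any authenticated caller who guesses another user's widget id can read that user's settings (including the free-text notes that `notes.inc.php` renders); nothing here ties the row to the session user, though an ownership check may exist elsewhere in the file. If `users_widgets` carries the owning user id, scope the query: `dbFetchCell('select settings from users_widgets where user_widget_id = ? and user_id = ?', array($widget_id, $_SESSION['user_id']))`. Separately, `mres()` on a value that is then bound through a `?` placeholder is redundant escaping; since the id is numeric, `$widget_id = (int) $_POST['id'];` is the clearer guard.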
@@ -47,7 +47,7 @@ if ($type == 'placeholder') {
include 'includes/common/'.$type.'.inc.php';
$output = implode('', $common_output);
$status = 'ok';
- $title = $widget_settings['title'] ?: $title;
+ $title = display($widget_settings['title']) ?: $title;
}
$response = array(
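Review bot: `display()` makes `$type` safe to print, but `include 'includes/common/'.$type.'.inc.php'` three lines above the changed line still builds a file path from the same variable, and an output encoder is not a path validator; `$type` is assigned outside the hunk, and the `$type == 'placeholder'` comparison in the hunk header suggests it comes from the request. Restrict it to the widget names the project ships before the include, e.g. `if (!preg_match('/^[a-z0-9_-]+$/i', $type) || !is_file('includes/common/'.$type.'.inc.php')) { $status = 'error'; }` (or an explicit allowlist array), and only include when that passes. Whether an equivalent check already exists earlier in the file cannot be seen from here.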
diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
index e869aa6ea6..b18b8c7c42 100644
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -37,10 +37,10 @@ if ($vars['page'] == 'logout' && $_SESSION['authenticated']) {
// We are only interested in login details passed via POST.
if (isset($_POST['username']) && isset($_POST['password'])) {
- $_SESSION['username'] = mres($_POST['username']);
+ $_SESSION['username'] = clean($_POST['username']);
$_SESSION['password'] = $_POST['password'];
} elseif (isset($_GET['username']) && isset($_GET['password'])) {
- $_SESSION['username'] = mres($_GET['username']);
+ $_SESSION['username'] = clean($_GET['username']);
$_SESSION['password'] = $_GET['password'];
}
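Review bot: The `elseif` branch keeps accepting `username` and `password` from the query string, so credentials end up in web-server and proxy access logs, browser history and `Referer` headers; sanitising the username with `clean()` does not change that. Unless an API client depends on it, drop the GET branch so only the POST path sets `$_SESSION['username']`, or restrict it to a documented token flow. Also worth a comment on the new lines: `clean()` (defined elsewhere) transforms the username before `authenticate()` sees it, so if it escapes or strips characters, an account whose name contains quotes or angle brackets is looked up under a different string than the one stored — `// clean() runs before authenticate(): a username containing characters clean() alters will not match its stored account` makes that trade-off explicit.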
@@ -58,7 +58,7 @@ if (file_exists('includes/authentication/'.$config['auth_mechanism'].'.inc.php')
$auth_success = 0;
if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token']))) {
- if (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']) || authenticate($_SESSION['username'], $_SESSION['password'])) {
+ if (reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token'])) || authenticate($_SESSION['username'], $_SESSION['password'])) {
$_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
$_SESSION['user_id'] = get_userid($_SESSION['username']);
if (!$_SESSION['authenticated']) {
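Review bot: `reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token']))` runs whenever `$_SESSION['username']` is set, including when neither cookie exists, so `clean()` is fed undefined indexes and `reauthenticate()` is asked to validate empty values on every request of a password-authenticated session; correctness then depends on `reauthenticate()` (defined elsewhere) rejecting empty input. Guard each path by its own precondition: `if ((isset($_COOKIE['sess_id'], $_COOKIE['token']) && reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token']))) || (isset($_SESSION['username']) && authenticate($_SESSION['username'], $_SESSION['password']))) {`. If `reauthenticate()` compares the cookie token against a stored value, it should do so with `hash_equals()` rather than `==`; that comparison is outside this hunk.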
diff --git a/html/includes/common/notes.inc.php b/html/includes/common/notes.inc.php
index 5e8c3f26c3..35b6896f47 100644
--- a/html/includes/common/notes.inc.php
+++ b/html/includes/common/notes.inc.php
@@ -33,5 +33,5 @@ if (defined('SHOW_SETTINGS') || empty($widget_settings)) {
';
} else {
- $common_output[] = stripslashes(nl2br($widget_settings['notes']));
+ $common_output[] = stripslashes(nl2br(htmlentities($widget_settings['notes'])));
}
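Review bot: `htmlentities()` is called with its defaults, so on PHP before 8.1 single quotes are left unencoded (`ENT_COMPAT`) and any invalid UTF-8 in the stored notes makes it return an empty string, blanking the widget; pass the flags explicitly. Applying `stripslashes()` after encoding also reads backwards — the slashes are an artefact of how the value was stored, so undo that first and encode last: `$common_output[] = nl2br(htmlentities(stripslashes($widget_settings['notes']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. The output should be unchanged for ordinary text; the difference is that quotes become safe in attribute context and malformed bytes are replaced instead of dropping the whole note.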
diff --git a/html/netcmd.php b/html/netcmd.php
index 48013aedfb..a67204dde5 100644
--- a/html/netcmd.php
+++ b/html/netcmd.php
@@ -34,8 +34,8 @@ if (!$_SESSION['authenticated']) {
$output = '';
if ($_GET['query'] && $_GET['cmd']) {
- $host = $_GET['query'];
- if (Net_IPv6::checkIPv6($host) || Net_IPv4::validateip($host) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
+ $host = clean($_GET['query']);
+ if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
switch ($_GET['cmd']) {
case 'whois':
$cmd = $config['whois']." $host | grep -v \%";
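Review bot: The `filter_var('http://'.$host, FILTER_VALIDATE_URL)` fallback accepts far more than a hostname — a path, query string and userinfo are all valid URL components, so a `query` such as `example.com/$(id)` or `example.com/;id` passes the check — and `$host` is then spliced unquoted into the shell command on the last line of the hunk. Validate the value as an IP or a bare DNS name and wrap it in `escapeshellarg()` before it reaches `$cmd`; the two `FILTER_VALIDATE_IP` calls also collapse into one without flags. `clean()` (defined elsewhere) may strip some characters, but it is not a shell-safety guarantee and should not be relied on as one. The `switch` and the enclosing `if` continue past the end of the hunk, so the remaining `case` branches need the same quoted host.
```php
$host = clean($_GET['query']);
$is_ip = filter_var($host, FILTER_VALIDATE_IP) !== false;
// bare DNS name only: dot-separated labels of [A-Za-z0-9-], no leading/trailing hyphen
$is_hostname = preg_match('/^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$/', $host) === 1;
if ($is_ip || $is_hostname) {
    $safe_host = escapeshellarg($host);
    switch ($_GET['cmd']) {
        case 'whois':
            $cmd = $config['whois'].' '.$safe_host." | grep -v \%";
            // … unchanged: remaining case branches, outside this hunk …
```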
diff --git a/includes/rewrites.php b/includes/rewrites.php
index cf645ed4d6..ac5b100661 100644
--- a/includes/rewrites.php
+++ b/includes/rewrites.php
@@ -66,6 +66,8 @@ function ifLabel($interface, $device = null)
{
global $config;
+ $interface['ifAlias'] = display($interface['ifAlias']);
+
if (!$device) {
$device = device_by_id_cache($interface['device_id']);
}
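Review bot: Encoding `ifAlias` at the very top of `ifLabel()` makes the function's return HTML-safe for that field only, and any caller that already escapes the label will now double-encode it (`&` becomes `&amp;amp;`); whether any caller does is outside this hunk, as is the rest of the function body. Document the contract where the encoding happens so later readers do not add a second layer: `// ifAlias is operator-controlled SNMP text: HTML-encode it here so every ifLabel() result is safe to print; callers must not escape the returned label again.` If `ifDescr` or `ifName` feed the label further down the function, they presumably need the same treatment — not visible from here.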