diag_packet_capture.php needs input validation
diag_packet_capture.php does minimal if any input validation. Every field on that page needs to be verified.
Interface: Valid interface is submitted
Address family: valid address family submitted
Host address: Valid IP address or CIDR subnet
Packet length: positive integer
Count: positive integer
Level of detail: one of the options in the drop down
Updated by Darren Embry over 9 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
fixed in github.
not quite sure that dropdowns need additional validation because you can't select an option that isn't in the dropdown ;-) and 'any' is a valid option for some of them.