Fix for Remote Code Execution (CWE-78) on squidGuard 1.4_7 pfSense package
--- squidguard_blacklist.php.old 2016-05-04 15:01:08.000000000 -0300
+++ squidguard_blacklist.php 2016-05-04 15:46:13.000000000 -0300
@@ -58,11 +58,19 @@
function squidguard_blacklist_AJAX_response( $request )
{
$res = '';
+ $status = '';
$sz = 0;
$pcaption = ' ';
# Actions
- if ($request['blacklist_download_start']) squidguard_blacklist_update_start( $request['blacklist_url'] ); # update start
+ if ($request['blacklist_download_start'])
+ {
+ $url = $request['blacklist_url'];
+ if ( preg_match('/["\'\s\n\r\(\);]+/', $url )){
+ $status = "Error: Bad blacklist URL";
+ squidguard_update_log($status,"");
+ }else squidguard_blacklist_update_start( $url ); # update start
+ }
elseif ($request['blacklist_download_cancel']) squidguard_blacklist_update_cancel(); # update cancel
elseif ($request['blacklist_restore_default']) squidguard_blacklist_restore_arcdb(); # restore default db
elseif ($request['blacklist_clear_log']) squidguard_blacklist_update_clearlog(); # clear log
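Review bot: The new guard on `$url` only works when `blacklist_url` arrives as a string: if the request supplies an array (`blacklist_url[]=...`), `preg_match()` emits a warning and returns a falsy value, so the `else` branch still passes the array to `squidguard_blacklist_update_start()`, and the guard should start with `!is_string($url) ||`. The example attack in the comment below shows the value is spliced into PHP source that later runs (`passthru` is a PHP call), so the deny-list is only as good as the quoting context in `squidguard_blacklist_update_start()`, which is outside this hunk; characters it does not block (`$`, `{`, `}`, `\`, `#`) are presumably still usable if the URL lands inside a double-quoted literal. An allow-list is safer than enumerating bad characters: `if (!is_string($url) || filter_var($url, FILTER_VALIDATE_URL) === false || !preg_match('#^(https?|ftp)://#i', $url) || preg_match('/["\'\s\(\);]+/', $url)) {`, keeping the existing `"Error: Bad blacklist URL"` log line. Independently of input validation, the callee should escape at the point of use (`var_export($url, true)` when emitting PHP, `escapeshellarg()` when building a command) so the fix does not depend on the deny-list staying complete.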
@@ -92,8 +100,7 @@
$res .= "el('widthb').width = {$szright};";
$res .= "el('progress_text').innerHTML = '{$sz} %';";
- $status = '';
- if (file_exists(SGUPD_STATFILE)) {
+ if (empty($status) && file_exists(SGUPD_STATFILE)) {
$status = file_get_contents(SGUPD_STATFILE);
if ($sz && $sz != 100) $status .= "Completed {$sz} %";
}
Example attack:
","");passthru('/usr/bin/id > /tmp/id');//
