From: <abe...@us...> - 2016-10-03 21:42:06
Revision: 7876 http://sourceforge.net/p/astlinux/code/7876
Author: abelbeck
Date: 2016-10-03 21:42:03 +0000 (Mon, 03 Oct 2016)
Log Message:
-----------
web interface, added miscellaneous sanity checks
Modified Paths:
--------------
branches/1.0/package/webinterface/altweb/admin/cdrlog.php
branches/1.0/package/webinterface/altweb/admin/followme.php
branches/1.0/package/webinterface/altweb/admin/fossilcmd.php
branches/1.0/package/webinterface/altweb/admin/setup.php
branches/1.0/package/webinterface/altweb/admin/system.php
branches/1.0/package/webinterface/altweb/admin/users.php
branches/1.0/package/webinterface/altweb/admin/xmpp.php
Modified: branches/1.0/package/webinterface/altweb/admin/cdrlog.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/cdrlog.php 2016-10-03 14:03:28 UTC (rev 7875)
+++ branches/1.0/package/webinterface/altweb/admin/cdrlog.php 2016-10-03 21:42:03 UTC (rev 7876)
@@ -1,6 +1,6 @@
 <?php
 session_start();
-// Copyright (C) 2008-2015 Lonnie Abelbeck
+// Copyright (C) 2008-2016 Lonnie Abelbeck
 // This is free software, licensed under the GNU General Public License
 // version 3 as published by the Free Software Foundation; you can
 // redistribute it and/or modify it under the terms of the GNU
@@ -528,7 +528,7 @@
 $db['displayStart'] = 0;
 }
 if (isset($_POST['list_type_val'])) {
-$search = tuqd($_POST['list_type_val']);
+$search = tuq($_POST['list_type_val']);
 $search = trim($search, ' |&"');
 if ($search === '') {
 $result = 0;
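Review bot: The `trim($search, ' |&"')` on the line after the changed one removes those characters only from the two ends of the string, so a `|`, `&` or `"` in the middle of `list_type_val` survives both `tuq()` and the trim. The character list strongly suggests this value later reaches a shell pipeline (its use is outside this hunk, and what `tuq()` strips is not visible either); if so, strip-and-trim is a denylist and the value should be wrapped with `escapeshellarg($search)` at the point it is interpolated, or rejected outright with an allowlist such as `if (! preg_match('/^[A-Za-z0-9 ._@+-]*$/', $search)) { $search = ''; }` (widen the class to whatever a CDR search legitimately needs). A one-line comment stating which characters `tuq()` removes and why the trailing trim is still needed would also help the next reader.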
@@ -612,7 +612,7 @@
 $map = mapCDRvalues($default, $extra, $last);
 if (isset($_GET['search'])) {
-$search = rawurldecode($_GET['search']);
+$search = tuq(rawurldecode($_GET['search']));
 if (isset($_GET['key'])) {
 $fkey = $_GET['key'];
 } else {
Modified: branches/1.0/package/webinterface/altweb/admin/followme.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/followme.php 2016-10-03 14:03:28 UTC (rev 7875)
+++ branches/1.0/package/webinterface/altweb/admin/followme.php 2016-10-03 21:42:03 UTC (rev 7876)
@@ -1,6 +1,6 @@
 <?php
-// Copyright (C) 2008-2009 Lonnie Abelbeck
+// Copyright (C) 2008-2016 Lonnie Abelbeck
 // This is free software, licensed under the GNU General Public License
 // version 3 as published by the Free Software Foundation; you can
 // redistribute it and/or modify it under the terms of the GNU
@@ -215,10 +215,10 @@
 }
 }
 }
-if (($value = getPREFdef($global_prefs, 'followme_number_context_cmdstr')) !== '') {
+if (($value = tuq(getPREFdef($global_prefs, 'followme_number_context_cmdstr'))) !== '') {
 $cmd .= 'context=>'.$value.chr(10);
 }
-if (($value = getPREFdef($global_prefs, 'followme_music_class_cmdstr')) !== '') {
+if (($value = tuq(getPREFdef($global_prefs, 'followme_music_class_cmdstr'))) !== '') {
 $cmd .= 'musicclass=>'.$value.chr(10);
 }
 shell('echo -n "'.chr(10).$cmd.'" >>'.$fname, $status);
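Review bot: `$fkey = $_GET['key']` two lines below the changed line still takes the raw query value while `$search` now goes through `tuq()`; if `$fkey` is used alongside `$search` (its use is outside this hunk), it needs at least the same treatment, and since it names a CDR field the right check is positive: compare `$_GET['key']` against the page's list of valid field names with `in_array(..., TRUE)` and fall back to the default key otherwise. Also, PHP has already percent-decoded `$_GET`, so `rawurldecode()` here is a second decode; it is harmless only because `tuq()` runs after it, and a comment such as `// second decode: caller double-encodes the search term; tuq() must stay after it` would keep a future reorder from undoing that.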
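Review bot: The two changed lines strip quotes from `$value` (inferred from the name `tuq`, not visible here), but `$value` then lands inside a double-quoted shell string on the `shell('echo -n "'.chr(10).$cmd.'" >>'.$fname, $status);` line, where `$`, backticks and `\` are still interpreted by the shell, so a preference value containing `$(...)` would be executed even with quotes removed. These are admin-set preferences, so the exposure is limited, but the shell round-trip is unnecessary for appending text to a file: `file_put_contents($fname, chr(10).$cmd, FILE_APPEND);` writes the same bytes `echo -n` would, without any shell interpretation (set `$status` from its return value if the caller checks it). If the shell call must stay, pass `escapeshellarg(chr(10).$cmd)` instead of hand-built double quotes, and validate a context or musicclass name against `/^[A-Za-z0-9_-]+$/`, which is a tighter check than quote removal. The enclosing function starts and ends outside this hunk.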
@@ -269,8 +269,8 @@
 }
 $enabled = isset($_POST['enabled']) ? $_POST['enabled'] : array();
 for ($i = 0; $i < $MAXNUM; $i++) {
-$number[$i] = tuqd($_POST["number$i"]);
-$timeout[$i] = tuqd($_POST["timeout$i"]);
+$number[$i] = tuq($_POST["number$i"]);
+$timeout[$i] = tuq($_POST["timeout$i"]);
 if ($USE_RULES && $number[$i] !== '') {
 if (! preg_match("/$NUMBER_FORMAT/", $number[$i])) {
 $result = 12;
Modified: branches/1.0/package/webinterface/altweb/admin/fossilcmd.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/fossilcmd.php 2016-10-03 14:03:28 UTC (rev 7875)
+++ branches/1.0/package/webinterface/altweb/admin/fossilcmd.php 2016-10-03 21:42:03 UTC (rev 7876)
@@ -1,6 +1,6 @@
 <?php
-// Copyright (C) 2008-2015 Lonnie Abelbeck
+// Copyright (C) 2008-2016 Lonnie Abelbeck
 // This is free software, licensed under the GNU General Public License
 // version 3 as published by the Free Software Foundation; you can
 // redistribute it and/or modify it under the terms of the GNU
@@ -55,7 +55,7 @@
 require_once '../common/header.php';
 $action = isset($_GET['action']) ? $_GET['action'] : '';
-$arg = isset($_GET['arg']) ? rawurldecode($_GET['arg']) : '';
+$arg = isset($_GET['arg']) ? tuq(rawurldecode($_GET['arg'])) : '';
 if ($action === 'status') {
 $arg_str = '';
Modified: branches/1.0/package/webinterface/altweb/admin/setup.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/setup.php 2016-10-03 14:03:28 UTC (rev 7875)
+++ branches/1.0/package/webinterface/altweb/admin/setup.php 2016-10-03 21:42:03 UTC (rev 7876)
@@ -1,6 +1,6 @@
 <?php
-// Copyright (C) 2008-2009 Lonnie Abelbeck
+// Copyright (C) 2008-2016 Lonnie Abelbeck
 // This is free software, licensed under the GNU General Public License
 // version 3 as published by the Free Software Foundation; you can
 // redistribute it and/or modify it under the terms of the GNU
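Review bot: `$timeout[$i]` on the second changed line is never checked to be numeric — the `preg_match` below applies only to `$number[$i]`, and only when `$USE_RULES` is set, so with rules disabled neither value is validated beyond whatever `tuq()` strips. Where these values go is outside this hunk; if they are written into the same config text the previous hunk builds with `shell('echo -n ...')`, anything that is not a plain integer should be rejected before it gets there, e.g. `if ($timeout[$i] !== '' && ! ctype_digit($timeout[$i])) { $result = 12; }` (or a distinct error code if the page distinguishes a bad timeout from a bad number). It is also worth deciding whether the number-format check should run regardless of `$USE_RULES`, since quote removal alone leaves dialplan and shell metacharacters in place.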
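Review bot: On the changed line `$arg` is only quote-stripped (inferred from `tuq`; confirm what it removes) before it presumably reaches a `fossil` command line assembled further down, outside this hunk; `;`, `|`, `$(` and a leading `-` all survive, and a leading `-` would let the caller inject fossil options even if the value is later quoted. Validate the shape here and quote at the use site: `if (! preg_match('/^[A-Za-z0-9._-]+$/', $arg)) { $arg = ''; }` (if fossil arguments on this page are always artifact, branch or tag names) plus `escapeshellarg($arg)` where the command string is built. Note that PHP has already percent-decoded `$_GET`, so `rawurldecode()` is a second decode; it is safe only because `tuq()` and any further check run after it, which deserves a one-line comment.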
@@ -72,7 +72,7 @@
 } elseif (isset($_POST['submit_format'])) {
 if (isset($_POST['format_type']) && isset($_POST['unionfs_size']) && isset($_POST['target_drive'])) {
 $format_type = $_POST['format_type'];
-$target_drive = $_POST['target_drive'];
+$target_drive = tuq($_POST['target_drive']);
 if ($format_type === 'combined') {
 $result_str = shell($INITIAL_SETUP.' format combined '.$target_drive.' 2>/dev/null', $status);
 if ($status != 0) {
@@ -82,7 +82,7 @@
 systemREBOOT($myself, 10, TRUE);
 }
 } else {
-$unionfs_size = $_POST['unionfs_size'];
+$unionfs_size = tuq($_POST['unionfs_size']);
 if ($unionfs_size > 9) {
 $result_str = shell($INITIAL_SETUP.' format separate '.$target_drive.' '.$unionfs_size.' 2>/dev/null', $status);
 if ($status != 0) {
@@ -98,7 +98,7 @@
 }
 } elseif (isset($_POST['submit_configure'])) {
 if (isset($_POST['target_drive'])) {
-$target_drive = $_POST['target_drive'];
+$target_drive = tuq($_POST['target_drive']);
 $result_str = shell($INITIAL_SETUP.' configure '.$target_drive.' 2>/dev/null', $status);
 if ($status != 0) {
 putACTIONresult($result_str, $status);
Modified: branches/1.0/package/webinterface/altweb/admin/system.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/system.php 2016-10-03 14:03:28 UTC (rev 7875)
+++ branches/1.0/package/webinterface/altweb/admin/system.php 2016-10-03 21:42:03 UTC (rev 7876)
@@ -1,6 +1,6 @@
 <?php
-// Copyright (C) 2008-2014 Lonnie Abelbeck
+// Copyright (C) 2008-2016 Lonnie Abelbeck
 // This is free software, licensed under the GNU General Public License
 // version 3 as published by the Free Software Foundation; you can
 // redistribute it and/or modify it under the terms of the GNU
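Review bot: `$target_drive` on the changed line is concatenated unquoted into `shell($INITIAL_SETUP.' format combined '.$target_drive.' 2>/dev/null', $status)` two lines below, so removing quotes does not stop `;`, `|`, `&&`, `$(...)` or simply a space followed by a second argument from being injected by anyone who can POST to this page — and a format command is about the most destructive thing the interface runs. A device node has a fixed shape, so reject rather than strip: `if (! preg_match('/^\/dev\/[a-z0-9]+$/', $target_drive)) {` and take the page's existing error path, adjusting the pattern to what the drive selector actually offers, and additionally wrap the value in `escapeshellarg()` inside the `shell()` call as defense in depth. `$format_type` is compared to a literal on the following line and is fine as used here. The surrounding `if`/`elseif` chain begins and ends outside this hunk.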
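Review bot: `$unionfs_size` on the changed line is still a free-form string when it is spliced into `shell($INITIAL_SETUP.' format separate '.$target_drive.' '.$unionfs_size.' 2>/dev/null', $status)`, and the `if ($unionfs_size > 9)` guard does not reject trailing text — a value such as `99; reboot` passes PHP's loose comparison and then reaches the shell. Make it an integer before the comparison: `$unionfs_size = (int) tuq($_POST['unionfs_size']);` (or check `ctype_digit()` and fail the request), which both fixes the guard and leaves nothing a shell could interpret. The same `target_drive` concern raised on the previous hunk applies to this command line as well.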
@@ -28,11 +28,11 @@
 require_once '../common/users-password.php';
-if (($REPOSITORY_URL = getPREFdef($global_prefs, 'system_firmware_repository_url')) === '') {
+if (($REPOSITORY_URL = tuq(getPREFdef($global_prefs, 'system_firmware_repository_url'))) === '') {
 $REPOSITORY_URL = asteriskURLrepo();
 }
-if (($SOUNDS_URL = getPREFdef($global_prefs, 'system_asterisk_sounds_url')) === '') {
+if (($SOUNDS_URL = tuq(getPREFdef($global_prefs, 'system_asterisk_sounds_url'))) === '') {
 $SOUNDS_URL = 'http://downloads.asterisk.org/pub/telephony/sounds';
 }
@@ -333,9 +333,9 @@
 $action = $_POST['sounds_action'];
 if (isset($_POST['sounds_type'], $_POST['sounds_lang'], $_POST['sounds_codec']) && ($_POST['sounds_type'] !== '' || $action === 'show')) {
-$type = $_POST['sounds_type'];
-$lang = $_POST['sounds_lang'];
-$codec = $_POST['sounds_codec'];
+$type = tuq($_POST['sounds_type']);
+$lang = tuq($_POST['sounds_lang']);
+$codec = tuq($_POST['sounds_codec']);
 $file = '/usr/sbin/upgrade-asterisk-sounds';
 $std_err = ' 2>/dev/null';
 if ($action === 'upgrade') {
@@ -360,7 +360,7 @@
 $result = 99;
 $action = $_POST['addon_package_action'];
 if (isset($_POST['addon_package_type']) && ($_POST['addon_package_type'] !== '' || $action === 'show')) {
-$type = $_POST['addon_package_type'];
+$type = tuq($_POST['addon_package_type']);
 $file = '/usr/sbin/upgrade-package';
 $std_err = ' 2>/dev/null';
 if ($action === 'upgrade') {
Modified: branches/1.0/package/webinterface/altweb/admin/users.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/users.php 2016-10-03 14:03:28 UTC (rev 7875)
+++ branches/1.0/package/webinterface/altweb/admin/users.php 2016-10-03 21:42:03 UTC (rev 7876)
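Review bot: `$REPOSITORY_URL` and `$SOUNDS_URL` on the two changed lines are only quote-stripped, although the preference names and the `http://downloads.asterisk.org/...` default show they are URLs that are later handed to the firmware and sounds upgrade tooling (the consumers are outside this hunk, and whether `tuq()` removes `;` or `$(` is not visible either). A URL is easy to validate positively, so treat a malformed value like an empty one and fall back to the default: `if (($REPOSITORY_URL = tuq(getPREFdef($global_prefs, 'system_firmware_repository_url'))) === '' || filter_var($REPOSITORY_URL, FILTER_VALIDATE_URL) === FALSE) {` and the same for `$SOUNDS_URL`. `FILTER_VALIDATE_URL` accepts any scheme, so add a `preg_match('/^https?:\/\//i', ...)` check if only HTTP(S) repositories are supported.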
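Review bot: `$type`, `$lang` and `$codec` on the three changed lines are POST values that, judging by the `$file = '/usr/sbin/upgrade-asterisk-sounds'` and `$std_err = ' 2>/dev/null'` lines that follow, become arguments of a shell command assembled outside this hunk; `tuq()` removes quotes but not `;`, `|`, whitespace or `$(...)`. All three are identifiers picked from fixed menus (sound set, language, codec), so an allowlist is the natural check — something like `foreach (array($type, $lang, $codec) as $v) { if (! preg_match('/^[A-Za-z0-9_-]*$/', $v)) { /* set the page's error result and skip the command */ } }` — with `escapeshellarg()` on each value where the command string is built. `$action` on the first line is only compared against literals and needs nothing further. The same applies to `$type` in the `addon_package_type` hunk below.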
@@ -1,6 +1,6 @@
 <?php
-// Copyright (C) 2008-2014 Lonnie Abelbeck
+// Copyright (C) 2008-2016 Lonnie Abelbeck
 // This is free software, licensed under the GNU General Public License
 // version 3 as published by the Free Software Foundation; you can
 // redistribute it and/or modify it under the terms of the GNU
@@ -20,7 +20,7 @@
 require_once '../common/users-password.php';
-if (($context = getPREFdef($global_prefs, 'users_voicemail_context_cmdstr')) === '') {
+if (($context = tuq(getPREFdef($global_prefs, 'users_voicemail_context_cmdstr'))) === '') {
 $context = 'default';
 }
Modified: branches/1.0/package/webinterface/altweb/admin/xmpp.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/xmpp.php 2016-10-03 14:03:28 UTC (rev 7875)
+++ branches/1.0/package/webinterface/altweb/admin/xmpp.php 2016-10-03 21:42:03 UTC (rev 7876)
@@ -202,6 +202,8 @@
 //
 function deleteUser($user) {
+$user = str_replace(' ', '', stripshellsafe($user));
+
 if ($user === '') {
 return(FALSE);
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
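Review bot: `$context` on the changed line is a voicemail context name that already has a safe fallback of `'default'`, so the natural check is a positive one rather than quote removal: `if (($context = tuq(getPREFdef($global_prefs, 'users_voicemail_context_cmdstr'))) === '' || ! preg_match('/^[A-Za-z0-9_-]+$/', $context)) {` keeps the existing behaviour for empty values and also routes a malformed value to the default. Asterisk context names are limited to letters, digits, `_` and `-`, so this rejects nothing a working configuration needs; where the value is written is outside this hunk, so confirm no caller expects other characters.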
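Review bot: The added `$user = str_replace(' ', '', stripshellsafe($user));` sanitizes by deletion, which means a request naming a user that does not exist as typed can be rewritten into a different, existing account and delete it (`'ad min'` becomes `'admin'`, and likewise for whatever `stripshellsafe()` removes — its definition is not in this hunk). For a destructive operation, reject instead of rewrite: `if (! preg_match('/^[A-Za-z0-9._@-]+$/', $user)) { return(FALSE); }` placed before the existing empty-string check, with the character class adjusted to the JIDs this page accepts, and `escapeshellarg($user)` wherever the command that performs the deletion is built. The rest of `deleteUser()` lies outside the hunk, so the return convention (`FALSE` on bad input) is taken from the visible lines.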