regex-validate services commands

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
froxlor · Dec 20, 2022 · 795a3d8 · 795a3d8
1 parent 2dd226c
commit 795a3d8
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 2 deletions.
diff --git a/actions/admin/settings/125.cronjob.php b/actions/admin/settings/125.cronjob.php
@@ -44,6 +44,7 @@
 					'settinggroup' => 'system',
 					'varname' => 'croncmdline',
 					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/usr/bin/nice -n 5 /usr/bin/php -q',
 					'save_method' => 'storeSettingField'
 				],
@@ -52,6 +53,7 @@
 					'settinggroup' => 'system',
 					'varname' => 'crondreload',
 					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/cron reload',
 					'save_method' => 'storeSettingField'
 				],

diff --git a/actions/admin/settings/130.webserver.php b/actions/admin/settings/130.webserver.php
@@ -305,6 +305,7 @@
 					'settinggroup' => 'system',
 					'varname' => 'apachereload_command',
 					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/apache2 reload',
 					'save_method' => 'storeSettingField'
 				],
@@ -313,6 +314,7 @@
 					'settinggroup' => 'system',
 					'varname' => 'phpreload_command',
 					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '',
 					'save_method' => 'storeSettingField',
 					'websrv_avail' => [

diff --git a/actions/admin/settings/160.nameserver.php b/actions/admin/settings/160.nameserver.php
@@ -78,6 +78,7 @@
 					'settinggroup' => 'system',
 					'varname' => 'bindreload_command',
 					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/bind9 reload',
 					'save_method' => 'storeSettingField'
 				],

diff --git a/actions/admin/settings/180.dkim.php b/actions/admin/settings/180.dkim.php
@@ -135,6 +135,7 @@
 					'settinggroup' => 'dkim',
 					'varname' => 'dkimrestart_command',
 					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/dkim-filter restart',
 					'save_method' => 'storeSettingField'
 				]

diff --git a/lib/Froxlor/Api/Commands/FpmDaemons.php b/lib/Froxlor/Api/Commands/FpmDaemons.php
@@ -202,7 +202,7 @@ public function add()
 
 			// validation
 			$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);
-			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '', '', [], true);
+			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\- ]+$/i', '', [], true);
 			$sel_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_FPMDAEMONS."` WHERE `reload_cmd` = :rc");
 			$dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);
 			if ($dupcheck && $dupcheck['id']) {
@@ -327,7 +327,7 @@ public function update()
 
 			// validation
 			$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);
-			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '', '', [], true);
+			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\- ]+$/i', '', [], true);
 			$sel_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_FPMDAEMONS."` WHERE `reload_cmd` = :rc");
 			$dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);
 			if ($dupcheck && $dupcheck['id'] != $id) {