plugin.php: Fix XSS and directory traversal bugs. Fixes ZoneMinder#2436
This view seems like dead code so maybe it should be removed instead.
mnoorenberghe committed Jan 24, 2019
1 parent e53678f commit 59cc654
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions web/skins/classic/views/plugin.php
Expand Up @@ -36,7 +36,8 @@
return;
}
$monitor = dbFetchMonitor ( $mid );
$plugin = $_REQUEST['pl'];
// Only allow certain filename characters (not including a period) to prevent directory traversal.
$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);

$plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin;

Expand Down Expand Up @@ -103,15 +104,15 @@ function pLang($name)
<body>
<div id="page">
<div id="header">
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo $plugin ?></h2>
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
</div>
<div id="content">
<form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="plugin"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>
<input type="hidden" name="zid" value="<?php echo $zid ?>"/>
<input type="hidden" name="pl" value="<?php echo $plugin ?>"/>
<input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/>

<div id="settingsPanel">
<table id="pluginSettings" cellspacing="0">
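Review bot: The new `<h2>` line in the second hunk escapes `$plugin` but still echoes `$monitor['Name']` and `$newZone['Name']` raw, so if monitor and zone names are user-editable (as they appear to be elsewhere in ZoneMinder; where `$newZone` is populated is not visible in this hunk) the header stays a stored-XSS sink after this fix. Wrap both the same way as the plugin name: `<?php echo validHtmlStr($monitor['Name']) ?>` and `<?php echo validHtmlStr($newZone['Name']) ?>`. The surrounding form also echoes `$view`, `$mid`, `$zid` and `$_SERVER['PHP_SELF']` unescaped; those are context lines here, but `PHP_SELF` in particular is a well-known reflected-XSS vector via PATH_INFO and is worth escaping or replacing with a fixed action in a follow-up. The enclosing HTML body continues outside the hunk.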
