Skip to content

Commit cc3990a

Browse files
committed
Validation and encoding for Ping and Traceroute. Fixes #10355
1 parent edc7e81 commit cc3990a

File tree

2 files changed

+8
-2
lines changed

2 files changed

+8
-2
lines changed

Diff for: src/usr/local/www/diag_ping.php

+4-1
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,9 @@
6868
if (($ipproto == "ipv6") && is_ipaddrv4($host)) {
6969
$input_errors[] = gettext("When using IPv6, the target host must be an IPv6 address or hostname.");
7070
}
71+
if (!is_ipaddr($host) && !is_hostname($host)) {
72+
$input_errors[] = gettext("Hostname must be a valid hostname or IP address.");
73+
}
7174

7275
if (!$input_errors) {
7376
if ($_POST) {
@@ -185,7 +188,7 @@
185188
</div>
186189

187190
<div class="panel-body">
188-
<pre><?= $result ?></pre>
191+
<pre><?= htmlspecialchars($result) ?></pre>
189192
</div>
190193
</div>
191194
<?php

Diff for: src/usr/local/www/diag_traceroute.php

+4-1
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,9 @@
7171
if (($ipproto == "ipv6") && is_ipaddrv4($host)) {
7272
$input_errors[] = gettext("When using IPv6, the target host must be an IPv6 address or hostname.");
7373
}
74+
if (!is_ipaddr($host) && !is_hostname($host)) {
75+
$input_errors[] = gettext("Hostname must be a valid hostname or IP address.");
76+
}
7477

7578
$sourceip = $_REQUEST['sourceip'];
7679
$ttl = $_REQUEST['ttl'];
@@ -183,7 +186,7 @@
183186
<div class="panel-heading"><h2 class="panel-title"><?=gettext('Results')?></h2></div>
184187
<div class="panel-body">
185188
<?php
186-
print('<pre>' . $result . '</pre>');
189+
print('<pre>' . htmlspecialchars($result) . '</pre>');
187190
?>
188191
</div>
189192
</div>

0 commit comments

Comments
 (0)