Bugfix: XSS (reflected) in 'bw-calulator-result.php';
Reported by ZenalArifin
GaryAllan committed Nov 27, 2022
1 parent b6c3036 commit 94ec73f
Showing 2 changed files with 8 additions and 4 deletions.
8 changes: 4 additions & 4 deletions app/tools/ip-calculator/bw-calculator-result.php
Expand Up @@ -10,12 +10,12 @@
$User->check_user_session();

// process input values
$tcp = $_POST['wsize'];
$delay = $_POST['delay'];
$fsize = $_POST['fsize'];
$tcp = filter_var($_POST['wsize'], FILTER_VALIDATE_INT, ["options" => ["min_range"=>1024, "max_range"=>65536]]) ?: die(_("Invalid input"));
$delay = filter_var($_POST['delay'], FILTER_VALIDATE_FLOAT, ["options" => ["min_range"=>0.1, "max_range"=>1000]]) ?: die(_("Invalid input"));
$fsize = filter_var($_POST['fsize'], FILTER_VALIDATE_FLOAT, ["options" => ["min_range"=>100, "max_range"=>4096]]) ?: die(_("Invalid input"));

// get mbps values from config
$mbps = round($tcp/($delay/1000)/(1024*1024),2);
$mbps = round($tcp/($delay/1000)/(1024*1024), 4);

// Calculate transfer time
$time = round(($fsize / $mbps), 2);
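
Review bot: Output encoding is still missing as far as this hunk shows: the new filter_var() lines validate $_POST['wsize'], $_POST['delay'] and $_POST['fsize'] on the way in, but the code that prints the values is outside the hunk, so the fix rests on input validation alone. Escaping at the point of output (for example htmlspecialchars() on anything echoed) would keep the page safe if one of these filters is later loosened. Separately, the change of the round() precision from 2 to 4 on the $mbps line deserves a comment: with the smallest allowed wsize (1024) and the largest allowed delay (1000) the quotient is about 0.00098, which rounds to 0.00 at two decimals and would make $fsize / $mbps a division by zero.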
4 changes: 4 additions & 0 deletions misc/CHANGELOG
Expand Up @@ -4,6 +4,10 @@
----------------------------
+ php8.1 compatibility (php8.x support is work-in-progress);

Security Fixes:
----------------------------
+ XSS (reflected) in 'bw-calulator-result.php';

== 1.5.0

New features:
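
Review bot: The file name in the new Security Fixes entry is misspelled as 'bw-calulator-result.php'; the file changed in this commit is app/tools/ip-calculator/bw-calculator-result.php. Correcting the spelling lets a search of the changelog for the file name find this entry.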