fix Remote Command Execution vulnerability
ales-infotel committed Nov 24, 2021
1 parent 8e508e9 commit 6f55964
Showing 3 changed files with 8 additions and 3 deletions.
5 changes: 4 additions & 1 deletion ajax/addressing.php
@@ -59,6 +59,9 @@
} else {
Html::popHeader(__s('IP reservation', 'addressing'), $_SERVER['PHP_SELF']);
$PluginAddressingReserveip = new PluginAddressingReserveip();
$PluginAddressingReserveip->showReservationForm($_GET["ip"], $_GET['id_addressing'], $_GET['rand']);
if(filter_var($_GET["ip"], FILTER_VALIDATE_IP)) {
$PluginAddressingReserveip->showReservationForm($_GET["ip"], $_GET['id_addressing'], $_GET['rand']);
}

Html::popFooter();
}
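Review bot: Only `ip` is validated at this call site; `$_GET['id_addressing']` and `$_GET['rand']` still reach `showReservationForm()` as raw request values, and the same guard is copied into front/reserveip.form.php instead of living in the method. The method body and the place where the address reaches a command are not visible in this commit, so every other caller depends on remembering the check; I would repeat the `FILTER_VALIDATE_IP` test inside `showReservationForm()` and apply `escapeshellarg()` where the command string is built. If the other two parameters are numeric (they look like an item id and a random suffix, to be confirmed), cast them: `(int) $_GET['id_addressing'], (int) $_GET['rand']`. A request without `ip` also triggers an undefined-index warning before `filter_var()` rejects it, which `$_GET['ip'] ?? ''` avoids. The enclosing `if`/`else` starts above the hunk.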
2 changes: 1 addition & 1 deletion ajax/ping.php
@@ -40,7 +40,7 @@

Session::checkLoginUser();

if (!isset($_POST['ip'])) {
if (!isset($_POST['ip']) || !filter_var($_POST["ip"], FILTER_VALIDATE_IP)) {
exit();
}
$ip = $_POST['ip'];
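Review bot: The validated result is discarded and `$ip` is then re-read from `$_POST['ip']`, so a later edit to the guard could separate the check from the value that is actually used. Assigning once keeps the two tied together: `$ip = filter_var($_POST['ip'] ?? '', FILTER_VALIDATE_IP);` followed by `if ($ip === false) { exit(); }`. The code that consumes `$ip` lies below the hunk and is not shown; if it composes a shell command, `escapeshellarg($ip)` at that point would keep the sink safe independently of this guard. Only `Session::checkLoginUser()` is visible as an access check, so it is worth confirming whether a plugin right should also be required before any logged-in user can trigger a ping.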
4 changes: 3 additions & 1 deletion front/reserveip.form.php
@@ -37,6 +37,8 @@
Html::back();
} else {
Html::header(PluginAddressingReserveip::getTypeName(), '', "tools", "pluginaddressingmenu");
$reserveip->showReservationForm($_REQUEST["ip"], $_REQUEST["id_addressing"], $_REQUEST['rand']);
if(filter_var($_REQUEST["ip"], FILTER_VALIDATE_IP)) {
$reserveip->showReservationForm($_REQUEST["ip"], $_REQUEST["id_addressing"], $_REQUEST['rand']);
}
Html::footer();
}
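Review bot: `$_REQUEST["ip"]` can be filled from the query string, the request body or, depending on `request_order`, a cookie, so the value being validated has no single defined source; reading it from `$_GET` or `$_POST` explicitly would make the trust boundary clearer. When validation fails, the page renders its header and footer with nothing in between and records nothing, although a rejected `ip` on this form is a useful signal to log for detection. The enclosing `if`/`else` starts above the hunk.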
