Permalink
Browse files

fixed missing check for blacklisted characters when editing task

issue #521
  • Loading branch information...
s3inlc committed Dec 13, 2018
1 parent 2841ed3 commit 6e2e9a71465e8707e0923fbc31d7b491f2ae117a
Showing with 7 additions and 3 deletions.
  1. +1 −0 doc/changelog.md
  2. +6 −3 src/inc/utils/TaskUtils.class.php
@@ -4,6 +4,7 @@

- Fixed wrong task speed summation for task overview page.
- Fixed XSS on hashes view page when printing a hashlist.
- Fixed missing check for blacklisted characters when editing task.

# v0.10.0 -> v0.10.1

@@ -133,6 +133,9 @@ public static function changeAttackCmd($taskId, $attackCmd, $user) {
else if (strpos($attackCmd, SConfig::getInstance()->getVal(DConfig::HASHLIST_ALIAS)) === false) {
throw new HTException("Attack command must contain the hashlist alias!");
}
else if (Util::containsBlacklistedChars($attackCmd)) {
throw new HTException("The attack command must contain no blacklisted characters!");
}
$task = TaskUtils::getTask($taskId, $user);
if ($task->getAttackCmd() == $attackCmd) {
@@ -439,7 +442,7 @@ public static function resetChunk($chunkId, $user) {
if (!AccessUtils::userCanAccessTask($taskWrapper, $user)) {
throw new HTException("No access to this task!");
}
$initialProgress = ($task->getIsPrince() || $task->getForcePipe())? null : 0;
$initialProgress = ($task->getIsPrince() || $task->getForcePipe()) ? null : 0;
$chunk->setState(0);
$chunk->setProgress($initialProgress);
$chunk->setCheckpoint($chunk->getSkip());
@@ -752,7 +755,7 @@ public static function splitByRules($task, $taskWrapper, $files, $splitFile, $sp
for ($j = $i; $j < $i + $linesPerFile && $j < sizeof($content); $j++) {
$copy[] = $content[$j];
}
file_put_contents(dirname(__FILE__) . "/../../files/" . $splitFile->getFilename() . "_p$taskId-$count", implode("\n", $copy). "\n");
file_put_contents(dirname(__FILE__) . "/../../files/" . $splitFile->getFilename() . "_p$taskId-$count", implode("\n", $copy) . "\n");
$f = new File(null, $splitFile->getFilename() . "_p$taskId-$count", Util::filesize(dirname(__FILE__) . "/../../files/" . $splitFile->getFilename() . "_p$taskId-$count"), $splitFile->getIsSecret(), DFileType::TEMPORARY, $taskWrapper->getAccessGroupId());
$f = Factory::getFileFactory()->save($f);
$newFiles[] = $f;
@@ -1083,7 +1086,7 @@ public static function getImportantTask($task1, $task2) {
if ($taskWrapper1->getPriority() > $taskWrapper2->getPriority()) {
return $task1; // if first task wrapper has more priority, this task should be done
}
else if($taskWrapper1->getPriority() == $taskWrapper2->getPriority() && $task1->getPriority() > $task2->getPriority()){
else if ($taskWrapper1->getPriority() == $taskWrapper2->getPriority() && $task1->getPriority() > $task2->getPriority()) {
return $task1; // if both wrappers have the same priority but the subtask not (this can be the case when comparing supertasks)
}
return $task2;

0 comments on commit 6e2e9a7

Please sign in to comment.