webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

calamaris.dat: Fixes bug 13886

Browse Source 
commit 7dca07fdcf018320bc10eb4d5fcd019dd1a7029a
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 25 13:12:46 2025 +0200

    calamaris.dat: Fixes bug 13886

    Fixes: bug 13886 - calamaris.dat Multiple Parameters Command Injection
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
2025-10-10 19:28:33 +00:00
parent 27092cf180
commit fd6cd41a95
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
html/cgi-bin/logs.cgi/calamaris.dat
View File

@@ -170,6 +170,10 @@ if ($reportsettings{'ACTION'} eq $Lang::tr{'calamaris create report'})
if ($reportsettings{'RUN_BACKGROUND'} eq 'on') { $commandline.=" &"; } if ($reportsettings{'RUN_BACKGROUND'} eq 'on') { $commandline.=" &"; }
if (!($commandline =~ /^[a-zA-Z0-9-\s]+$/))
{
die "Invalid input in\"$commandline\"";
}
system("${General::swroot}/proxy/calamaris/bin/mkreport $commandline") system("${General::swroot}/proxy/calamaris/bin/mkreport $commandline")
} }