refactor: Replace escapeshellcmd with Purifier in service checks (#7118)

* fix: issue #4934 Required for service checks, which include multiple quotes or regex. Proposed patch tested, works. * fix: issue #4934 Required for service checks, which include multiple quotes or regex. Proposed patch tested, works.
2024-10-07 16:52:45 +00:00 · 2017-08-12 22:19:12 +03:00
parent a062350cbd
commit 0ebf436d47
1 changed files with 6 additions and 1 deletions
--- a/includes/services.inc.php
+++ b/includes/services.inc.php
@@ -202,13 +202,18 @@ function poll_service($service)

 function check_service($command)
 {
+    global $config;
    // This array is used to test for valid UOM's to be used for graphing.
    // Valid values from: https://nagios-plugins.org/doc/guidelines.html#AEN200
    // Note: This array must be decend from 2 char to 1 char so that the search works correctly.
    $valid_uom = array ('us', 'ms', 'KB', 'MB', 'GB', 'TB', 'c', 's', '%', 'B');

    // Make our command safe.
-    $command = 'LC_NUMERIC="C" '. escapeshellcmd($command);
+    $p_config = HTMLPurifier_Config::createDefault();
+    $p_config->set('Cache.SerializerPath', $config['temp_dir']);
+    $purifier = new HTMLPurifier($p_config);
+
+    $command = 'LC_NUMERIC="C" '. $purifier->purify($command);

    // Run the command and return its response.
    exec($command, $response_array, $status);