Sanitize graph input (#10276)

Could execute arbitrary rrdtool commands such as cd and ls.
This commit is contained in:
Tony Murray
2019-05-31 07:43:12 -05:00
committed by GitHub
parent eea0d4d359
commit 9faae11381
2 changed files with 31 additions and 7 deletions


@@ -43,6 +43,28 @@ class Clean
return preg_replace('/[^a-zA-Z0-9\-._]/', '', $file); return preg_replace('/[^a-zA-Z0-9\-._]/', '', $file);
} }
/**
* Sanitize string to only contain alpha, numeric, dashes, and underscores
*
* @param string $string
* @return string
*/
public static function alphaDash($string)
{
return preg_replace('/[^a-zA-Z0-9\-_]/', '', $string);
}
/**
* Sanitize string to only contain alpha, numeric, dashes, underscores, and spaces
*
* @param string $string
* @return string
*/
public static function alphaDashSpace($string)
{
return preg_replace('/[^a-zA-Z0-9\-_ ]/', '', $string);
}
/** /**
* Clean a string for display in an html page. * Clean a string for display in an html page.
* For use in non-blade pages * For use in non-blade pages
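Review bot: The new `alphaDash` and `alphaDashSpace` methods take and return untyped values, so a request like `?bg[]=x` hands `preg_replace` an array and the method would return an array rather than a sanitized string. Declaring `public static function alphaDash(string $string): string` (and the same for `alphaDashSpace`) rejects that with a TypeError at the boundary, matches the strict character-set intent of the class, and makes the `@param string`/`@return string` docblock lines redundant. The docblocks could instead state the intended use, e.g. `* Intended for values that end up in command-line options or other contexts where only a restricted character set is safe.` The enclosing class continues outside this hunk.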


@@ -1,15 +1,17 @@
<?php <?php
use LibreNMS\Util\Clean;
if ($_GET['from']) { if ($_GET['from']) {
$from = mres($_GET['from']); $from = (int)$_GET['from'];
} }
if ($_GET['to']) { if ($_GET['to']) {
$to = mres($_GET['to']); $to = (int)$_GET['to'];
} }
if ($_GET['width']) { if ($_GET['width']) {
$width = mres($vars['width']); $width = (int)$_GET['width'];
} }
if ($config['trim_tobias']) { if ($config['trim_tobias']) {
@@ -17,7 +19,7 @@ if ($config['trim_tobias']) {
} }
if ($_GET['height']) { if ($_GET['height']) {
$height = mres($vars['height']); $height = (int)$_GET['height'];
} }
if ($_GET['inverse']) { if ($_GET['inverse']) {
@@ -56,7 +58,7 @@ if ($_GET['title'] == 'yes') {
} }
if (isset($_GET['graph_title'])) { if (isset($_GET['graph_title'])) {
$rrd_options .= " --title='".$_GET['graph_title']."' "; $rrd_options .= " --title='" . Clean::alphaDashSpace($_GET['graph_title']) . "' ";
} }
if (!isset($scale_min) && !isset($scale_max)) { if (!isset($scale_min) && !isset($scale_max)) {
@@ -83,11 +85,11 @@ $rrd_options .= ' -E --start '.$from.' --end '.$to.' --width '.$width.' --height
$rrd_options .= $config['rrdgraph_def_text'].' -c FONT#'.$config['rrdgraph_def_text_color']; $rrd_options .= $config['rrdgraph_def_text'].' -c FONT#'.$config['rrdgraph_def_text_color'];
if ($_GET['bg']) { if ($_GET['bg']) {
$rrd_options .= ' -c CANVAS#'.mres($_GET['bg']).' '; $rrd_options .= ' -c CANVAS#' . Clean::alphaDash($_GET['bg']) . ' ';
} }
if ($_GET['font']) { if ($_GET['font']) {
$rrd_options .= ' -c FONT#'.mres($_GET['font']).' '; $rrd_options .= ' -c FONT#' . Clean::alphaDash($_GET['font']) . ' ';
} }
// $rrd_options .= " -c BACK#FFFFFF"; // $rrd_options .= " -c BACK#FFFFFF";
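Review bot: `Clean::alphaDash` on the `bg` and `font` values in the last hunk still admits non-hex letters plus `-` and `_`, so `-c CANVAS#` and `-c FONT#` can receive a non-colour that rrdtool rejects with an error instead of rendering; since both options expect an RRGGBB[AA] hex value, validating for that directly is tighter, e.g. `$bg = Clean::alphaDash($_GET['bg']);` then `if (ctype_xdigit($bg)) { $rrd_options .= ' -c CANVAS#' . $bg . ' '; }`, and the same for `font`. In the first hunk the `(int)` casts remove the injection but leave `$width` and `$height` unbounded, so a very large value still drives rrdtool to build an oversized image; clamping to a sane range, e.g. `$width = min(max((int)$_GET['width'], 1), 4096);` (4096 is a constructed example, pick the project's own limit), would close that off. The option-building code continues outside these hunks.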