mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Sanitize graph input (#10276)

Browse Source 
Could execute arbitrary rrdtool commands such as cd and ls.
This commit is contained in:
Tony Murray
2019-05-31 07:43:12 -05:00
committed by GitHub
parent eea0d4d359
commit 9faae11381
2 changed files with 31 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
LibreNMS/Util/Clean.php
View File

@@ -43,6 +43,28 @@ class Clean
return preg_replace('/[^a-zA-Z0-9\-._]/', '', $file);
}
/**
* Sanitize string to only contain alpha, numeric, dashes, and underscores
*
* @param string $string
* @return string
*/
public static function alphaDash($string)
{
return preg_replace('/[^a-zA-Z0-9\-_]/', '', $string);
}
/**
* Sanitize string to only contain alpha, numeric, dashes, underscores, and spaces
*
* @param string $string
* @return string
*/
public static function alphaDashSpace($string)
{
return preg_replace('/[^a-zA-Z0-9\-_ ]/', '', $string);
}
/**
* Clean a string for display in an html page.
* For use in non-blade pages

16
includes/html/graphs/common.inc.php
View File

@@ -1,15 +1,17 @@
<?php
use LibreNMS\Util\Clean;
if ($_GET['from']) {
$from = mres($_GET['from']);
$from = (int)$_GET['from'];
}
if ($_GET['to']) {
$to = mres($_GET['to']);
$to = (int)$_GET['to'];
}
if ($_GET['width']) {
$width = mres($vars['width']);
$width = (int)$_GET['width'];
}
if ($config['trim_tobias']) {
@@ -17,7 +19,7 @@ if ($config['trim_tobias']) {
}
if ($_GET['height']) {
$height = mres($vars['height']);
$height = (int)$_GET['height'];
}
if ($_GET['inverse']) {
@@ -56,7 +58,7 @@ if ($_GET['title'] == 'yes') {
}
if (isset($_GET['graph_title'])) {
$rrd_options .= " --title='".$_GET['graph_title']."' ";
$rrd_options .= " --title='" . Clean::alphaDashSpace($_GET['graph_title']) . "' ";
}
if (!isset($scale_min) && !isset($scale_max)) {
@@ -83,11 +85,11 @@ $rrd_options .= ' -E --start '.$from.' --end '.$to.' --width '.$width.' --height
$rrd_options .= $config['rrdgraph_def_text'].' -c FONT#'.$config['rrdgraph_def_text_color'];
if ($_GET['bg']) {
$rrd_options .= ' -c CANVAS#'.mres($_GET['bg']).' ';
$rrd_options .= ' -c CANVAS#' . Clean::alphaDash($_GET['bg']) . ' ';
}
if ($_GET['font']) {
$rrd_options .= ' -c FONT#'.mres($_GET['font']).' ';
$rrd_options .= ' -c FONT#' . Clean::alphaDash($_GET['font']) . ' ';
}
// $rrd_options .= " -c BACK#FFFFFF";