Resolved some security issues

laf
2016-06-02 06:56:45 +00:00
parent 16b91f6a97
commit db0e1ca203
2 changed files with 3 additions and 3 deletions


@@ -36,7 +36,7 @@ if (!$_SESSION['authenticated']) {
$output = '';
if ($_GET['query'] && $_GET['cmd']) {
$host = $_GET['query'];
if (Net_IPv6::checkIPv6($host) || Net_IPv4::validateip($host) || preg_match('/^[a-zA-Z0-9.-]*$/', $host)) {
if (Net_IPv6::checkIPv6($host) || Net_IPv4::validateip($host) || filter_var('http://'.$host, FILTER_VALIDATE_URL)) {
switch ($_GET['cmd']) {
case 'whois':
$cmd = $config['whois']." $host | grep -v \%";
@@ -66,5 +66,5 @@ if ($_GET['query'] && $_GET['cmd']) {
}//end if
}//end if
$output = trim($output);
$output = htmlentities(trim($output), ENT_QUOTES);
echo "<pre>$output</pre>";
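Review bot: The `filter_var('http://'.$host, FILTER_VALIDATE_URL)` test in the host check (taken here as the new side, since the page has lost its +/- markers) validates a URL, not a hostname, so it lets through path and query characters that the `preg_match('/^[a-zA-Z0-9.-]*$/', $host)` test rejected. `$host` is then concatenated unquoted into the shell command at `$cmd = $config['whois']." $host | grep -v \%";`, which leaves the command line dependent on that looser check. I would quote the argument where the command is built, `$cmd = $config['whois'].' '.escapeshellarg($host)." | grep -v \%";`, and keep a strict hostname pattern beside the IP checks. The `switch` continues outside the hunk, so the other cases presumably need the same quoting.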


@@ -44,7 +44,7 @@ if (is_array($config['branding'])) {
}
}
if (isset($_GET['device'])) {
if (is_numeric($_GET['device']) && isset($_GET['device'])) {
$where = 'WHERE device_id = '.mres($_GET['device']);
}
else {