dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Access Control - Edit: Add additional sanitization on dig value.

This commit is contained in:
fusionate 2025-03-20 17:20:14 -06:00
parent 7b8340f021
commit 5d37e2a570
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/access_controls/access_control_edit.php
View File

@ -190,7 +190,7 @@
else { else {
$digs[] = [ $digs[] = [
'type'=>$row['node_type'], 'type'=>$row['node_type'],
'value'=>$row['node_cidr'], 'value'=>escapeshellarg(str_replace(' ', '', $row['node_cidr'])),
'description'=>$row['node_description'], 'description'=>$row['node_description'],
]; ];
} }
@ -202,7 +202,7 @@
//attempt digs //attempt digs
if (!empty($digs) && is_array($digs)) { if (!empty($digs) && is_array($digs)) {
foreach ($digs as $dig) { foreach ($digs as $dig) {
$response = shell_exec("dig +noall +answer ".escapeshellarg($dig['value'])." | awk '{ print $5 }'"); $response = shell_exec("dig +noall +answer ".$dig['value']." | awk '{ print $5 }'");
if (!empty($response)) { if (!empty($response)) {
$lines = explode("\n", $response); $lines = explode("\n", $response);
foreach ($lines as $l => $line) { foreach ($lines as $l => $line) {