dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Access Control - Edit: Escape submitted values in dig command.

This commit is contained in:
fusionate 2025-03-20 09:51:37 -06:00
parent a6a39e6d8a
commit 7b8340f021
No known key found for this signature in database
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/access_controls/access_control_edit.php
View File

@ -202,7 +202,7 @@
//attempt digs //attempt digs
if (!empty($digs) && is_array($digs)) { if (!empty($digs) && is_array($digs)) {
foreach ($digs as $dig) { foreach ($digs as $dig) {
$response = shell_exec("dig +noall +answer ".$dig['value']." | awk '{ print $5 }'"); $response = shell_exec("dig +noall +answer ".escapeshellarg($dig['value'])." | awk '{ print $5 }'");
if (!empty($response)) { if (!empty($response)) {
$lines = explode("\n", $response); $lines = explode("\n", $response);
foreach ($lines as $l => $line) { foreach ($lines as $l => $line) {