mirror of
https://github.com/nidebr/as-stats-gui.git
synced 2025-02-20 11:23:18 +08:00
Fix query string injections
This commit is contained in:
Elouan Martinet
parent
f37a9352e7
commit
309fa8e4bd
14
asset.php
14
asset.php
@ -39,7 +39,7 @@ if ( isset($_GET['action']) ) {
|
|||||||
header("Location: asset.php");
|
header("Location: asset.php");
|
||||||
} else if ( $action == "clear" and $asset ) {
|
} else if ( $action == "clear" and $asset ) {
|
||||||
clearCacheFileASSET($asset);
|
clearCacheFileASSET($asset);
|
||||||
header("Location: asset.php?asset=".$asset."");
|
header("Location: asset.php?asset=".urlencode($asset));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -49,9 +49,9 @@ if ( $asset ) {
|
|||||||
$start = time() - $hours*3600;
|
$start = time() - $hours*3600;
|
||||||
$end = time();
|
$end = time();
|
||||||
|
|
||||||
$title = "AS-Stats | History for AS-SET: ".$asset;
|
$title = "AS-Stats | History for AS-SET: ".htmlentities($asset);
|
||||||
$header = 'History for AS-SET';
|
$header = 'History for AS-SET';
|
||||||
$header_small = $asset;
|
$header_small = htmlentities($asset);
|
||||||
$select_form = "";
|
$select_form = "";
|
||||||
|
|
||||||
$aslist = getASSET($asset);
|
$aslist = getASSET($asset);
|
||||||
@ -191,11 +191,11 @@ if ( $asset ) {
|
|||||||
} else {
|
} else {
|
||||||
$aff_astable .= '<div class="alert alert-info">';
|
$aff_astable .= '<div class="alert alert-info">';
|
||||||
$aff_astable .= '<h4><i class="icon fa fa-warning"></i> Alert!</h4>';
|
$aff_astable .= '<h4><i class="icon fa fa-warning"></i> Alert!</h4>';
|
||||||
$aff_astable .= 'No data for AS-SET <b>' . $asset . '</b>';
|
$aff_astable .= 'No data for AS-SET <b>' . htmlentities($asset) . '</b>';
|
||||||
$aff_astable .= '</div>';
|
$aff_astable .= '</div>';
|
||||||
}
|
}
|
||||||
// TOOLSBOX
|
// TOOLSBOX
|
||||||
$aff_toolsbox_add = '<a href="asset.php?asset='.$asset.'&action=clear" class="list-group-item"><i class="fa fa-remove text-red"></i> Remove AS-SET cache file for '.$asset.'.</a>';
|
$aff_toolsbox_add = '<a href="asset.php?asset='.htmlentities($asset).'&action=clear" class="list-group-item"><i class="fa fa-remove text-red"></i> Remove AS-SET cache file for '.htmlentities($asset).'.</a>';
|
||||||
} else {
|
} else {
|
||||||
$title = "AS-Stats | View AS-SET";
|
$title = "AS-Stats | View AS-SET";
|
||||||
$header = 'History for AS-SET';
|
$header = 'History for AS-SET';
|
||||||
@ -252,7 +252,7 @@ $aff_toolsbox .= '</div>';
|
|||||||
<div class="box-body">
|
<div class="box-body">
|
||||||
<form class="navbar-form navbar-left" role="search">
|
<form class="navbar-form navbar-left" role="search">
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<input type="text" class="form-control menu-input" name="asset" placeholder="Search AS-SET" value="<?php echo $val_searchasset; ?>">
|
<input type="text" class="form-control menu-input" name="asset" placeholder="Search AS-SET" value="<?php echo htmlspecialchars($val_searchasset); ?>">
|
||||||
<span class="input-group-btn">
|
<span class="input-group-btn">
|
||||||
<button type="submit" class="btn btn-flat button-input"><i class="fa fa-search"></i></button>
|
<button type="submit" class="btn btn-flat button-input"><i class="fa fa-search"></i></button>
|
||||||
</span>
|
</span>
|
||||||
@ -284,7 +284,7 @@ $aff_toolsbox .= '</div>';
|
|||||||
<div class="col-lg-12">
|
<div class="col-lg-12">
|
||||||
|
|
||||||
<form method='get'>
|
<form method='get'>
|
||||||
<input type='hidden' name='asset' value='<?php echo $asset; ?>'/>
|
<input type='hidden' name='asset' value='<?php echo htmlspecialchars($asset); ?>'/>
|
||||||
<div class="box box-primary">
|
<div class="box box-primary">
|
||||||
<div class="box-header with-border">
|
<div class="box-header with-border">
|
||||||
<h3 class="box-title">Legend</h3>
|
<h3 class="box-title">Legend</h3>
|
||||||
|
|||||||
4
func.inc
4
func.inc
@ -326,7 +326,7 @@ function menu($selected_links) {
|
|||||||
|
|
||||||
$return .='</ul>';
|
$return .='</ul>';
|
||||||
|
|
||||||
$val_ntop = isset($_GET['n']) ? $_GET['n'] : "";
|
$val_ntop = isset($_GET['n']) ? htmlentities($_GET['n']) : "";
|
||||||
|
|
||||||
if ($dpagename == "index" || $dpagename == "ix") {
|
if ($dpagename == "index" || $dpagename == "ix") {
|
||||||
$return .='<form class="navbar-form navbar-left" role="search">';
|
$return .='<form class="navbar-form navbar-left" role="search">';
|
||||||
@ -336,7 +336,7 @@ function menu($selected_links) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $dpagename == "ix" && isset($_GET['ix']) ) {
|
if ( $dpagename == "ix" && isset($_GET['ix']) ) {
|
||||||
$return .='<input type="hidden" name="ix" value="'.$_GET['ix'].'">';
|
$return .='<input type="hidden" name="ix" value="'.htmlspecialchars($_GET['ix']).'">';
|
||||||
}
|
}
|
||||||
|
|
||||||
$return .='<div class="input-group">';
|
$return .='<div class="input-group">';
|
||||||
|
|||||||
@ -35,7 +35,9 @@ if(isset($_GET['selected_links'])){
|
|||||||
foreach($knownlinks as $link)
|
foreach($knownlinks as $link)
|
||||||
$reverse[$link['tag']] = array('color' => $link['color'], 'descr' => $link['descr']);
|
$reverse[$link['tag']] = array('color' => $link['color'], 'descr' => $link['descr']);
|
||||||
$links = array();
|
$links = array();
|
||||||
foreach(explode(',', $_GET['selected_links']) as $tag){
|
foreach(explode(',', $_GET['selected_links']) as $tag){
|
||||||
|
if (preg_match('/[^a-zA-Z0-9]/', $tag))
|
||||||
|
continue;
|
||||||
$link = array('tag' => $tag,
|
$link = array('tag' => $tag,
|
||||||
'color' => $reverse[$tag]['color'],
|
'color' => $reverse[$tag]['color'],
|
||||||
'descr' => $reverse[$tag]['descr']);
|
'descr' => $reverse[$tag]['descr']);
|
||||||
|
|||||||
9
ix.php
9
ix.php
@ -223,7 +223,7 @@ if ( $ix_id ) {
|
|||||||
<!-- =============================================== -->
|
<!-- =============================================== -->
|
||||||
|
|
||||||
<div class="content-wrapper">
|
<div class="content-wrapper">
|
||||||
<?php echo content_header($ix_name . ' Top ' . $ntop . ' AS', '('.$label.')'); ?>
|
<?php echo content_header(htmlentities($ix_name) . ' Top ' . $ntop . ' AS', '('.$label.')'); ?>
|
||||||
|
|
||||||
<section class="content">
|
<section class="content">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
@ -261,7 +261,7 @@ if ( $ix_id ) {
|
|||||||
<input type='hidden' name='numhours' value='<?php echo $hours; ?>'/>
|
<input type='hidden' name='numhours' value='<?php echo $hours; ?>'/>
|
||||||
<input type='hidden' name='n' value='<?php echo $ntop; ?>'/>
|
<input type='hidden' name='n' value='<?php echo $ntop; ?>'/>
|
||||||
<input type='hidden' name='ix' value='<?php echo $ix_id; ?>'/>
|
<input type='hidden' name='ix' value='<?php echo $ix_id; ?>'/>
|
||||||
<input type='hidden' name='name_ix' value='<?php echo $name_ix; ?>'/>
|
<input type='hidden' name='name_ix' value='<?php echo htmlspecialchars($name_ix); ?>'/>
|
||||||
<div class="box box-primary">
|
<div class="box box-primary">
|
||||||
<div class="box-header with-border">
|
<div class="box-header with-border">
|
||||||
<h3 class="box-title">Legend</h3>
|
<h3 class="box-title">Legend</h3>
|
||||||
@ -309,8 +309,7 @@ if ( $ix_id ) {
|
|||||||
<h3 class="box-title">Search IX</h3>
|
<h3 class="box-title">Search IX</h3>
|
||||||
</div>
|
</div>
|
||||||
<div class="box-body">
|
<div class="box-body">
|
||||||
<?php $val_name_ix = isset($_GET['name_ix']) ? $_GET['name_ix'] : ""; ?>
|
<input type="text" class="form-control" name="name_ix" placeholder="Search IX" id="peeringdb" data-provide="typeahead" autocomplete="off" value="<?php echo htmlspecialchars($name_ix); ?>">
|
||||||
<input type="text" class="form-control" name="name_ix" placeholder="Search IX" id="peeringdb" data-provide="typeahead" autocomplete="off" value="<?php echo $val_name_ix; ?>">
|
|
||||||
<input type='hidden' id='ix' name='ix'/>
|
<input type='hidden' id='ix' name='ix'/>
|
||||||
<div id="message"></div>
|
<div id="message"></div>
|
||||||
</div>
|
</div>
|
||||||
@ -323,7 +322,7 @@ if ( $ix_id ) {
|
|||||||
<form method='get'>
|
<form method='get'>
|
||||||
<input type='hidden' name='ix' value='<?php echo $ix_id; ?>'/>
|
<input type='hidden' name='ix' value='<?php echo $ix_id; ?>'/>
|
||||||
<input type='hidden' name='n' value='<?php echo $ntop; ?>'/>
|
<input type='hidden' name='n' value='<?php echo $ntop; ?>'/>
|
||||||
<input type='hidden' name='name_ix' value='<?php echo $name_ix; ?>'/>
|
<input type='hidden' name='name_ix' value='<?php echo htmlspecialchars($name_ix); ?>'/>
|
||||||
<div class="box box-primary">
|
<div class="box box-primary">
|
||||||
<div class="box-header with-border">
|
<div class="box-header with-border">
|
||||||
<h3 class="box-title">Interval</h3>
|
<h3 class="box-title">Interval</h3>
|
||||||
|
|||||||
@ -90,7 +90,8 @@ class PeeringDB {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function GetIXName( $regex = NULL) {
|
public function GetIXName( $regex = NULL) {
|
||||||
if ( $regex ) { $regex = '?name__contains='.$regex; }
|
if (is_string($regex)) { $regex = '?name__contains='.urlencode($regex); }
|
||||||
|
else $regex = '';
|
||||||
$json = json_decode($this->sendRequest($this->url."/ix".$regex));
|
$json = json_decode($this->sendRequest($this->url."/ix".$regex));
|
||||||
return $json->data;
|
return $json->data;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user