Merge pull request #6 from Exagone313/fix-security

Fix injection of unescaped query-string parameters into HTML output and URLs
This commit is contained in:
nidebr 2018-09-07 11:21:39 +02:00 committed by GitHub
commit ba4a9ea7af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 16 deletions


@ -39,7 +39,7 @@ if ( isset($_GET['action']) ) {
header("Location: asset.php");
} else if ( $action == "clear" and $asset ) {
clearCacheFileASSET($asset);
header("Location: asset.php?asset=".$asset."");
header("Location: asset.php?asset=".urlencode($asset));
}
}
@ -49,9 +49,9 @@ if ( $asset ) {
$start = time() - $hours*3600;
$end = time();
$title = "AS-Stats | History for AS-SET: ".$asset;
$title = "AS-Stats | History for AS-SET: ".htmlentities($asset);
$header = 'History for AS-SET';
$header_small = $asset;
$header_small = htmlentities($asset);
$select_form = "";
$aslist = getASSET($asset);
@ -191,11 +191,11 @@ if ( $asset ) {
} else {
$aff_astable .= '<div class="alert alert-info">';
$aff_astable .= '<h4><i class="icon fa fa-warning"></i> Alert!</h4>';
$aff_astable .= 'No data for AS-SET <b>' . $asset . '</b>';
$aff_astable .= 'No data for AS-SET <b>' . htmlentities($asset) . '</b>';
$aff_astable .= '</div>';
}
// TOOLSBOX
$aff_toolsbox_add = '<a href="asset.php?asset='.$asset.'&action=clear" class="list-group-item"><i class="fa fa-remove text-red"></i> Remove AS-SET cache file for '.$asset.'.</a>';
$aff_toolsbox_add = '<a href="asset.php?asset='.htmlentities($asset).'&action=clear" class="list-group-item"><i class="fa fa-remove text-red"></i> Remove AS-SET cache file for '.htmlentities($asset).'.</a>';
} else {
$title = "AS-Stats | View AS-SET";
$header = 'History for AS-SET';
@ -252,7 +252,7 @@ $aff_toolsbox .= '</div>';
<div class="box-body">
<form class="navbar-form navbar-left" role="search">
<div class="input-group">
<input type="text" class="form-control menu-input" name="asset" placeholder="Search AS-SET" value="<?php echo $val_searchasset; ?>">
<input type="text" class="form-control menu-input" name="asset" placeholder="Search AS-SET" value="<?php echo htmlspecialchars($val_searchasset); ?>">
<span class="input-group-btn">
<button type="submit" class="btn btn-flat button-input"><i class="fa fa-search"></i></button>
</span>
@ -284,7 +284,7 @@ $aff_toolsbox .= '</div>';
<div class="col-lg-12">
<form method='get'>
<input type='hidden' name='asset' value='<?php echo $asset; ?>'/>
<input type='hidden' name='asset' value='<?php echo htmlspecialchars($asset); ?>'/>
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title">Legend</h3>
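Review bot: The hidden input `<input type='hidden' name='asset' value='<?php echo htmlspecialchars($asset); ?>'/>` is a single-quoted attribute, and `htmlspecialchars()` with default flags does not encode `'` on PHP before 8.1 (the default was ENT_COMPAT), so an asset value containing an apostrophe still breaks out of the attribute; use `htmlspecialchars($asset, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` there, and the same explicit flags for the `htmlentities()` calls, whose pre-8.1 default is also ENT_COMPAT. The toolbox link mixes contexts: `htmlentities($asset)` inside `href="asset.php?asset=…&action=clear"` HTML-encodes but does not URL-encode, so `?`, `#`, `+` and spaces in the value change the URL's meaning — encode for the URL first and then for HTML, `htmlspecialchars(urlencode($asset), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, matching the `urlencode()` used in the redirect. The redirect `header("Location: asset.php?asset=".urlencode($asset));` is not followed by an `exit` in the visible lines; if none follows outside the hunk, the rest of the page is still evaluated after the redirect header is sent. Every hunk in this file sits inside a block that begins and ends outside the hunk.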


@ -326,7 +326,7 @@ function menu($selected_links) {
$return .='</ul>';
$val_ntop = isset($_GET['n']) ? $_GET['n'] : "";
$val_ntop = isset($_GET['n']) ? htmlentities($_GET['n']) : "";
if ($dpagename == "index" || $dpagename == "ix") {
$return .='<form class="navbar-form navbar-left" role="search">';
@ -336,7 +336,7 @@ function menu($selected_links) {
}
if ( $dpagename == "ix" && isset($_GET['ix']) ) {
$return .='<input type="hidden" name="ix" value="'.$_GET['ix'].'">';
$return .='<input type="hidden" name="ix" value="'.htmlspecialchars($_GET['ix']).'">';
}
$return .='<div class="input-group">';
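Review bot: `$val_ntop = isset($_GET['n']) ? htmlentities($_GET['n']) : "";` encodes the parameter at read time rather than at the point of output, so the variable now holds HTML entities and is only safe for an HTML context; `n` reads as a numeric "top N" value, so validating it where it is read (`ctype_digit($_GET['n'])` or `(int)$_GET['n']`) and escaping at the echo would be tighter than encoding the raw string. The two new lines also use different helpers (`htmlentities` vs `htmlspecialchars`) for the same purpose; pick one and pass explicit flags, `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'`, since the default flags before PHP 8.1 leave `'` unencoded. The enclosing `menu()` function starts and ends outside this hunk, so where `$val_ntop` is later emitted is not visible here.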


@ -36,6 +36,8 @@ if(isset($_GET['selected_links'])){
$reverse[$link['tag']] = array('color' => $link['color'], 'descr' => $link['descr']);
$links = array();
foreach(explode(',', $_GET['selected_links']) as $tag){
if (preg_match('/[^a-zA-Z0-9]/', $tag))
continue;
$link = array('tag' => $tag,
'color' => $reverse[$tag]['color'],
'descr' => $reverse[$tag]['descr']);
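Review bot: The new filter `if (preg_match('/[^a-zA-Z0-9]/', $tag)) continue;` rejects tags with unexpected characters but still lets an empty or unknown tag through to `$reverse[$tag]['color']`, which then reads an undefined index; since `$reverse` is built from the configured link tags just above, the precise check is membership, `if (!isset($reverse[$tag])) continue;`, which covers both cases and makes the regex redundant unless `$tag` is also used somewhere outside the hunk that the character class was meant to guard. If the character-class check is kept, anchor it as an allow-list, `if (!preg_match('/^[A-Za-z0-9]+$/', $tag)) continue;`, so the empty string is excluded too. The surrounding `if (isset($_GET['selected_links']))` block and the `foreach` both extend outside the hunk.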

9
ix.php

@ -223,7 +223,7 @@ if ( $ix_id ) {
<!-- =============================================== -->
<div class="content-wrapper">
<?php echo content_header($ix_name . ' Top ' . $ntop . ' AS', '('.$label.')'); ?>
<?php echo content_header(htmlentities($ix_name) . ' Top ' . $ntop . ' AS', '('.$label.')'); ?>
<section class="content">
<div class="row">
@ -261,7 +261,7 @@ if ( $ix_id ) {
<input type='hidden' name='numhours' value='<?php echo $hours; ?>'/>
<input type='hidden' name='n' value='<?php echo $ntop; ?>'/>
<input type='hidden' name='ix' value='<?php echo $ix_id; ?>'/>
<input type='hidden' name='name_ix' value='<?php echo $name_ix; ?>'/>
<input type='hidden' name='name_ix' value='<?php echo htmlspecialchars($name_ix); ?>'/>
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title">Legend</h3>
@ -309,8 +309,7 @@ if ( $ix_id ) {
<h3 class="box-title">Search IX</h3>
</div>
<div class="box-body">
<?php $val_name_ix = isset($_GET['name_ix']) ? $_GET['name_ix'] : ""; ?>
<input type="text" class="form-control" name="name_ix" placeholder="Search IX" id="peeringdb" data-provide="typeahead" autocomplete="off" value="<?php echo $val_name_ix; ?>">
<input type="text" class="form-control" name="name_ix" placeholder="Search IX" id="peeringdb" data-provide="typeahead" autocomplete="off" value="<?php echo htmlspecialchars($name_ix); ?>">
<input type='hidden' id='ix' name='ix'/>
<div id="message"></div>
</div>
@ -323,7 +322,7 @@ if ( $ix_id ) {
<form method='get'>
<input type='hidden' name='ix' value='<?php echo $ix_id; ?>'/>
<input type='hidden' name='n' value='<?php echo $ntop; ?>'/>
<input type='hidden' name='name_ix' value='<?php echo $name_ix; ?>'/>
<input type='hidden' name='name_ix' value='<?php echo htmlspecialchars($name_ix); ?>'/>
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title">Interval</h3>
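Review bot: The two hidden inputs `<input type='hidden' name='name_ix' value='<?php echo htmlspecialchars($name_ix); ?>'/>` use single-quoted attributes, and `htmlspecialchars()` with default flags does not encode `'` on PHP before 8.1 (ENT_COMPAT default), so a `name_ix` value containing an apostrophe still closes the attribute; pass explicit flags, `htmlspecialchars($name_ix, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, in both places (the search box with the double-quoted `value="…"` is fine as written). The neighbouring `$hours`, `$ntop` and `$ix_id` are echoed into the same forms and into `content_header()` without escaping; they look numeric, but unless they are cast with `(int)` where they are read, they need the same treatment. `$name_ix` is assigned outside these hunks, so its origin is not visible here.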


@ -90,7 +90,8 @@ class PeeringDB {
}
public function GetIXName( $regex = NULL) {
if ( $regex ) { $regex = '?name__contains='.$regex; }
if (is_string($regex)) { $regex = '?name__contains='.urlencode($regex); }
else $regex = '';
$json = json_decode($this->sendRequest($this->url."/ix".$regex));
return $json->data;
}
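Review bot: `is_string($regex)` is true for the empty string, so `GetIXName('')` now requests `/ix?name__contains=` where the old truthiness check sent an unfiltered `/ix`; if callers pass `''` to mean "no filter", the condition should be `if (is_string($regex) && $regex !== '')`. `urlencode()` is the right encoding for a query value, though `http_build_query(['name__contains' => $regex])` expresses the same thing without hand-assembling the string. The `else $regex = '';` branch drops the braces the `if` uses; keep them consistent. `$json->data` on the next line is read without checking that `json_decode()` succeeded, which predates this change but surfaces here as a property access on `null` for a failed or empty response.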