Security update

bergware
2021-08-13 13:04:51 +02:00
parent 4f752e3606
commit 2c30ce0a22
2 changed files with 11 additions and 3 deletions


@@ -15,9 +15,11 @@ $docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
// add translations
$_SERVER['REQUEST_URI'] = '';
require_once "$docroot/webGui/include/Translations.php";
require_once "$docroot/webGui/include/Secure.php";
if (isset($_GET['mount'])) {
exec("ps -C btrfs -o cmd=|awk '/\/mnt\/{$_GET['mount']}$/{print $2}'",$action);
$mount = unbind($_GET['mount']);
if ($mount) {
exec("ps -C btrfs -o cmd=|awk '/\/mnt\/$mount\$/{print $2}'",$action);
echo implode(',',$action);
} elseif (empty($_GET['btrfs'])) {
$var = parse_ini_file("state/var.ini");
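Review bot: The exec() call that interpolates `$mount` still builds a shell command from request data, because `unbind($_GET['mount'])` (as shown in the Secure.php section of this commit) only entity-decodes the value and cuts it at the first `;`. Other shell metacharacters, the single quote that closes the awk program, and regex metacharacters therefore still reach `ps … | awk '…'`. An allow-list check before the exec is the safer guard, for example `if (!preg_match('/^[A-Za-z0-9._-]+$/', $mount)) $mount = '';`, with the character class adjusted to what mount names actually permit. The +/- markers are lost on this page, so it is unclear whether the `isset($_GET['mount'])` line survives; if it does not, the call should read `unbind($_GET['mount'] ?? '')`. The if/elseif chain continues past the end of the hunk.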


@@ -11,10 +11,16 @@
*/
?>
<?
// remove malicious script elements
function unscript($text) {
return preg_replace('#<script(.*?)>(.+?)</script>#','',html_entity_decode($text));
}
// remove malicious code appended after string variable
function unhook($text) {
return preg_replace("/['\"](.*)?['\"];?.+$/",'',unscript($text));
return preg_replace("/['\"](.*)?['\"];?.+$/",'',html_entity_decode($text));
}
// remove malicious code appended after variable assignment
function unbind($text) {
return trim(explode(';',html_entity_decode($text))[0]);
}
?>
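Review bot: unbind() is commented as removing malicious code, but its body only entity-decodes the input and keeps whatever precedes the first `;`, so the return value is raw text that can still carry shell and HTML metacharacters. Because html_entity_decode() runs first, an encoded input comes back less encoded than it arrived, which matters for any caller that echoes the result or builds a command from it. I would state that above the function, e.g. `// NOT an escaping function: returns entity-decoded raw text cut at the first ';'; callers must still validate and escape for their sink (escapeshellarg, htmlspecialchars)`. Separately, the page prints two return lines for unhook() with the +/- markers lost; if the `html_entity_decode($text)` one is the new side, unhook() no longer runs unscript(), and callers that relied on it for tag stripping should be checked.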