diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index 6c6da0a993..fa01e2f3ee 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -119,7 +119,7 @@ function config_update_config () {
 case 'general':
 if (!config_update_value ('language', (string) get_parameter ('language')))
 $error_update[] = __('Language code for Pandora');
- if (!config_update_value ('remote_config', (string) get_parameter ('remote_config')))
+ if (!config_update_value ('remote_config', io_safe_input((string) get_parameter ('remote_config'))))
 $error_update[] = __('Remote config directory');
 if (!config_update_value ('loginhash_pwd', (string) get_parameter ('loginhash_pwd')))
 $error_update[] = __('Auto login (hash) password');
@@ -130,7 +130,7 @@ function config_update_config () {
 $error_update[] = __('Automatic check for updates');
 if (!config_update_value ('https', (bool) get_parameter ('https')))
 $error_update[] = __('Enforce https');
- if (!config_update_value ('attachment_store', (string) get_parameter ('attachment_store')))
+ if (!config_update_value ('attachment_store', io_safe_input((string) get_parameter ('attachment_store'))))
 $error_update[] = __('Attachment store');
 if (!config_update_value ('list_ACL_IPs_for_API', (string) get_parameter('list_ACL_IPs_for_API')))
 $error_update[] = __('IP list with API access');
@@ -405,7 +405,7 @@ function config_update_config () {
 $error_update[] = __('Show QR code header');
 if (!config_update_value ('status_images_set', (string) get_parameter ('status_images_set')))
 $error_update[] = __('Status icon set');
- if (!config_update_value ('fontpath', (string) get_parameter ('fontpath')))
+ if (!config_update_value ('fontpath', io_safe_input((string) get_parameter ('fontpath'))))
 $error_update[] = __('Font path');
 if (!config_update_value ('font_size', get_parameter('font_size')))
 $error_update[] = __('Font size');
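Review bot: Wrapping `remote_config` in `io_safe_input()` in the @@ -119 hunk treats a filesystem path as if it were text bound for an HTML page, and the same is done for `attachment_store` (@@ -130), `fontpath` (@@ -405), `graphviz_bin_dir` (@@ -443) and `log_dir` (@@ -531). The helper is not defined in this diff; assuming it is the console's HTML-entity encoder, it keeps markup out of the settings page but does not check that the value is an existing, expected location, and every reader that uses the key as a path has to decode it first. `get_parameter()` is not shown either, so it is worth confirming it does not already encode request values, in which case these settings would be encoded twice. I would add a path check before the write, with `$dir` holding the encoded parameter: `if (!is_dir(io_safe_output($dir)) || !config_update_value ('remote_config', $dir))`, plus a comment such as `// stored entity-encoded; decode with io_safe_output() before any filesystem use`. `config_update_config()` starts and ends outside these hunks.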
@@ -443,7 +443,7 @@ function config_update_config () {
 $error_update[] = __('Fixed menu');
 if (!config_update_value ('paginate_module', get_parameter('paginate_module')))
 $error_update[] = __('Paginate module');
- if (!config_update_value ('graphviz_bin_dir', get_parameter('graphviz_bin_dir')))
+ if (!config_update_value ('graphviz_bin_dir', io_safe_input(get_parameter('graphviz_bin_dir'))))
 $error_update[] = __('Custom graphviz directory');
 if (!config_update_value ('networkmap_max_width', get_parameter('networkmap_max_width')))
 $error_update[] = __('Networkmap max width');
@@ -531,7 +531,7 @@ function config_update_config () {
 $error_update[] = __('Name resolution for IP address');
 break;
 case 'log':
- if (!config_update_value ('log_dir', get_parameter('log_dir')))
+ if (!config_update_value ('log_dir', io_safe_input(get_parameter('log_dir'))))
 $error_update[] = __('Netflow max lifetime');
 if (!config_update_value ('log_max_lifetime', (int)get_parameter('log_max_lifetime')))
 $error_update[] = __('Log max lifetime');
@@ -805,21 +805,21 @@ function config_process_config () {
 // dir.
 if (!isset ($config['attachment_store'])) {
 config_update_value('attachment_store',
- $config['homedir'] . '/attachment');
+ io_safe_input($config['homedir']) . '/attachment');
 } else {
 //Fixed when the user moves the pandora console to another dir //after the first uses.
 if (!is_dir($config['attachment_store'])) {
 config_update_value('attachment_store',
- $config['homedir'] . '/attachment');
+ io_safe_input($config['homedir']) . '/attachment');
 }
 }
 if (!isset ($config['fontpath'])) {
 config_update_value('fontpath',
- $config['homedir'] . '/include/fonts/smallfont.ttf');
+ io_safe_input($config['homedir']) . '/include/fonts/smallfont.ttf');
 }
 if (!isset ($config['style'])) {
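Review bot: In the @@ -443 hunk `graphviz_bin_dir` reaches `io_safe_input()` without the `(string)` cast that the `remote_config`, `attachment_store` and `fontpath` hunks keep, and `log_dir` in @@ -531 is written the same way; I would make these `io_safe_input((string) get_parameter('graphviz_bin_dir'))` so all five path settings are normalised alike. The setting names a directory of executables, so if its value is later joined into a command line (the consumer is not in this diff) entity-encoding is not the control that matters there. The call site should quote the value with `escapeshellarg()`, and the value should be confirmed to be an existing directory before it is saved.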
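Review bot: The error label pushed when `log_dir` cannot be saved in the @@ -531 hunk is `__('Netflow max lifetime')`, which names a different setting, so a failed write of the log directory is reported against the wrong field. The line directly above it is edited by this commit, so this is a good moment to correct it, e.g. `$error_update[] = __('Log directory');` or whichever label the settings form shows for this field.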
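Review bot: The `is_dir($config['attachment_store'])` test in the else branch of the @@ -805 hunk still runs on the stored string, which after this commit may be entity-encoded, both by the settings form and by `io_safe_input($config['homedir'])` here. If `io_safe_input()` rewrites any character that occurs in the install path (that depends on its definition, which is not in this diff), the test fails on every load and the key is reset to the default each time, discarding the administrator's choice. Decoding for the check keeps the stored format and the filesystem view consistent: `if (!is_dir(io_safe_output($config['attachment_store']))) {`. `config_process_config()` continues outside the hunk.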