mirror of
https://github.com/pandorafms/pandorafms.git
synced 2025-07-28 08:14:38 +02:00
Fixed netflow command injection vulnerability
parent
80d5eea467
commit
22cd129f71
@ -890,7 +890,7 @@ function netflow_get_command($filter)
|
||||
}
|
||||
|
||||
// Filter options.
|
||||
$command .= netflow_get_filter_arguments($filter);
|
||||
$command .= ' '.netflow_get_filter_arguments($filter);
|
||||
|
||||
return $command;
|
||||
}
|
||||
@ -909,16 +909,14 @@ function netflow_get_filter_arguments($filter)
|
||||
$filter_args = '';
|
||||
if ($filter['advanced_filter'] != '') {
|
||||
$filter_args = preg_replace('/["\r\n]/', '', io_safe_output($filter['advanced_filter']));
|
||||
return ' "('.$filter_args.')"';
|
||||
}
|
||||
|
||||
} else {
|
||||
if ($filter['router_ip'] != '') {
|
||||
$filter_args .= ' "(router ip '.$filter['router_ip'].')';
|
||||
$filter_args .= ' (router ip '.$filter['router_ip'].')';
|
||||
}
|
||||
|
||||
// Normal filter.
|
||||
if ($filter['ip_dst'] != '') {
|
||||
$filter_args .= ' "(';
|
||||
$filter_args .= ' (';
|
||||
$val_ipdst = explode(',', io_safe_output($filter['ip_dst']));
|
||||
for ($i = 0; $i < count($val_ipdst); $i++) {
|
||||
if ($i > 0) {
|
||||
@ -937,7 +935,7 @@ function netflow_get_filter_arguments($filter)
|
||||
|
||||
if ($filter['ip_src'] != '') {
|
||||
if ($filter_args == '') {
|
||||
$filter_args .= ' "(';
|
||||
$filter_args .= ' (';
|
||||
} else {
|
||||
$filter_args .= ' and (';
|
||||
}
|
||||
@ -960,7 +958,7 @@ function netflow_get_filter_arguments($filter)
|
||||
|
||||
if ($filter['dst_port'] != '') {
|
||||
if ($filter_args == '') {
|
||||
$filter_args .= ' "(';
|
||||
$filter_args .= ' (';
|
||||
} else {
|
||||
$filter_args .= ' and (';
|
||||
}
|
||||
@ -979,7 +977,7 @@ function netflow_get_filter_arguments($filter)
|
||||
|
||||
if ($filter['src_port'] != '') {
|
||||
if ($filter_args == '') {
|
||||
$filter_args .= ' "(';
|
||||
$filter_args .= ' (';
|
||||
} else {
|
||||
$filter_args .= ' and (';
|
||||
}
|
||||
@ -998,7 +996,7 @@ function netflow_get_filter_arguments($filter)
|
||||
|
||||
if (isset($filter['proto']) && $filter['proto'] != '') {
|
||||
if ($filter_args == '') {
|
||||
$filter_args .= ' "(';
|
||||
$filter_args .= ' (';
|
||||
} else {
|
||||
$filter_args .= ' and (';
|
||||
}
|
||||
@ -1014,9 +1012,10 @@ function netflow_get_filter_arguments($filter)
|
||||
|
||||
$filter_args .= ')';
|
||||
}
|
||||
}
|
||||
|
||||
if ($filter_args != '') {
|
||||
$filter_args .= '"';
|
||||
$filter_args = escapeshellarg($filter_args);
|
||||
}
|
||||
|
||||
return $filter_args;
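Review bot: The closing `escapeshellarg($filter_args)` in netflow_get_filter_arguments takes care of shell quoting, but the individual fields are still pasted into the nfdump filter expression unvalidated, and `$filter['router_ip']` is appended without the `io_safe_output()` call that `ip_dst` gets. Validating each value before it is appended, for example `$router_ip = filter_var(io_safe_output($filter['router_ip']), FILTER_VALIDATE_IP);` and skipping the clause when that is `false`, would stop a crafted value from changing what the filter matches (this assumes router_ip holds a single address). Now that the whole string is escaped, the `preg_replace('/["\r\n]/', '', …)` on `advanced_filter` is no longer what provides shell safety and deserves a comment saying why it stays. Both functions continue outside the hunks shown, so the parts of `$command` assembled before `// Filter options.` are not visible here and should be checked for the same escaping.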
|
||||
|