From 2ca9e6fb4a127a618fe184ddb31d38f63d4eb926 Mon Sep 17 00:00:00 2001
From: fbsanchez
Date: Fri, 17 Apr 2020 11:18:49 +0200
Subject: [PATCH] 1st approach avoid quick_shell vulnerability (telnet)

---
 pandora_console/extensions/quick_shell.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pandora_console/extensions/quick_shell.php b/pandora_console/extensions/quick_shell.php
index 6b70ae21e8..644e9aa564 100644
--- a/pandora_console/extensions/quick_shell.php
+++ b/pandora_console/extensions/quick_shell.php
@@ -188,9 +188,10 @@ function quickShell()
 } else if ($method == 'telnet') {
 // Telnet.
 $port = $config['gotty_telnet_port'];
+ $username = preg_replace('/[^a-zA-Z0-9\-\.]/', '', $username);
 $command_arguments = "var args = '?arg=-l ".$username;
 $command_arguments .= '&arg='.$address;
- $command_arguments .= '&arg='.$method_port."';";
+ $command_arguments .= '&arg='.$method_port."&arg=-E';";
 } else {
 ui_print_error_message(__('Please use SSH or Telnet.'));
 return;
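Review bot: Only `$username` is filtered in this telnet branch; `$address` and `$method_port` are still concatenated unfiltered into the same `var args = '…'` string on the following lines, and the hunk does not show them being validated. Their assignments are above the hunk (quickShell() starts and ends outside it), so if they can come from the request they need an equivalent guard before use, for example `$method_port = (int) $method_port;` and a strict host/IP check on `$address` that rejects the value rather than stripping characters from it. The username allowlist also keeps `-`, so a value beginning with a dash survives the filter; `$username = ltrim($username, '-');` after the `preg_replace` would close that. The appended `-E` deserves a comment such as `// -E: disable the telnet escape character so the user cannot reach the client's command prompt.`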