tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-6741-Vulnerabilidad-SQL-injection' into 'develop' 

Fix vulnerability

Closes pandora_enterprise#6741

See merge request artica/pandorafms!3622
This commit is contained in:
Daniel Rodriguez 2020-11-26 18:07:20 +01:00
parent 69d9d04c20 8c26892e55
commit d08e60f13a
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pandora_console/godmode/wizards/HostDevices.class.php
View File

@ -336,6 +336,12 @@ class HostDevices extends Wizard
)
)
);
// Forbidden chars cleaning.
foreach ($network as $key => $singleNetwork) {
$network[$key] = preg_replace('/[-()\']/', '', $singleNetwork);
}
unlink($_FILES['network_csv']['tmp_name']);
if (empty($network) || is_array($network) === false) {
$this->msg = __(