From e0404d565a6f9fe8ce9724c1e761ecb59e77f606 Mon Sep 17 00:00:00 2001
From: Jose Gonzalez
Date: Tue, 17 Nov 2020 14:49:26 +0100
Subject: [PATCH] Fix vulnerability
---
 pandora_console/godmode/wizards/HostDevices.class.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pandora_console/godmode/wizards/HostDevices.class.php b/pandora_console/godmode/wizards/HostDevices.class.php
index cb90d927b8..14ff80b163 100755
--- a/pandora_console/godmode/wizards/HostDevices.class.php
+++ b/pandora_console/godmode/wizards/HostDevices.class.php
@@ -336,6 +336,12 @@ class HostDevices extends Wizard
 )
 )
 );
+
+ // Forbidden chars cleaning.
+ foreach ($network as $key => $singleNetwork) {
+ $network[$key] = preg_replace('/[A-Za-z-()\']/', '', $singleNetwork);
+ }
+
 unlink($_FILES['network_csv']['tmp_name']);
 if (empty($network) || is_array($network) === false) {
 $this->msg = __(
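Review bot: The added `preg_replace('/[A-Za-z-()\']/', '', $singleNetwork)` loop is a denylist: it strips letters, `-`, parentheses and `'` from each uploaded CSV entry but leaves every other metacharacter (`;`, `|`, `&`, `$`, backticks, `"`, whitespace) in place, so whether it closes the issue depends on a sink that is not visible in this hunk. It also silently rewrites a malformed entry into a different value instead of rejecting it, and would corrupt any hostname or IPv6 entry. Assuming the entries are meant to be IPv4 addresses or CIDR blocks (to be confirmed against the wizard's other inputs), validate each one against that format and drop the ones that do not match, as sketched below. The loop also runs before the existing `is_array($network) === false` check, so a non-array value reaches `foreach` first; the sketch guards for that. The enclosing method starts and ends outside the hunk.

```php
// Keep only well-formed IPv4 addresses / CIDR blocks; drop anything else.
if (is_array($network) === true) {
    foreach ($network as $key => $singleNetwork) {
        $parts = explode('/', trim((string) $singleNetwork), 2);
        $validIp = filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
        $validMask = isset($parts[1]) === false
            || (ctype_digit($parts[1]) === true && (int) $parts[1] <= 32);
        if ($validIp === false || $validMask === false) {
            unset($network[$key]);
        }
    }
}

// … unchanged: unlink() of the uploaded temp file and the empty($network) check …
```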