fixes #847, CVE-2018-5692 protect a few user input variables

2026-03-28 17:42:57 +01:00 · 2018-07-11 11:22:31 +02:00
parent 23fa4c1a73
commit 69345c06e2
5 changed files with 8 additions and 0 deletions
--- a/admin.php
+++ b/admin.php
@@ -42,6 +42,7 @@ trigger_notify('loc_begin_admin');
 check_status(ACCESS_ADMINISTRATOR);

 check_input_parameter('page', $_GET, false, '/^[a-zA-Z\d_-]+$/');
+check_input_parameter('section', $_GET, false, '/^[a-z]+[a-z_\/-]*(\.php)?$/i');

 // +-----------------------------------------------------------------------+
 // | Direct actions                                                        |
--- a/admin/batch_manager.php
+++ b/admin/batch_manager.php
@@ -42,6 +42,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
 check_status(ACCESS_ADMINISTRATOR);

 check_input_parameter('selection', $_POST, true, PATTERN_ID);
+check_input_parameter('display', $_REQUEST, false, '/^(\d+|all)$/');

 // +-----------------------------------------------------------------------+
 // | specific actions                                                      |
--- a/admin/notification_by_mail.php
+++ b/admin/notification_by_mail.php
@@ -42,6 +42,8 @@ include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);

+check_input_parameter('mode', $_GET, false, '/^(param|subscribe|send)$/');
+
 // +-----------------------------------------------------------------------+
 // | Initialization                                                        |
 // +-----------------------------------------------------------------------+
--- a/admin/rating.php
+++ b/admin/rating.php
@@ -33,6 +33,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);

+check_input_parameter('display', $_GET, false, PATTERN_ID);

 include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
 $tabsheet = new tabsheet();
--- a/admin/updates_pwg.php
+++ b/admin/updates_pwg.php
@@ -37,7 +37,10 @@ STEP:
 3 = upgrade on different branch
 */
 $step = isset($_GET['step']) ? $_GET['step'] : 0;
+
+check_input_parameter('to', $_GET, false, '/^\d+\.\d+\.\d+$/');
 $upgrade_to = isset($_GET['to']) ? $_GET['to'] : '';
+
 $updates = new updates();

 // +-----------------------------------------------------------------------+