Révision 1de3a5dd
Ajouté par jim-p il y a presque 10 ans
usr/local/www/diag_testport.php | ||
---|---|---|
68 | 68 |
$input_errors[] = gettext("Please enter a valid port number."); |
69 | 69 |
} |
70 | 70 |
|
71 |
if (is_numeric($_REQUEST['srcport']) && !is_port($_REQUEST['srcport'])) {
|
|
71 |
if (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport'])) {
|
|
72 | 72 |
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank."); |
73 | 73 |
} |
74 | 74 |
|
... | ... | |
189 | 189 |
echo '<pre>'; |
190 | 190 |
$result = ""; |
191 | 191 |
$nc_base_cmd = "/usr/bin/nc"; |
192 |
$nc_args = "-w {$timeout}";
|
|
192 |
$nc_args = "-w " . escapeshellarg($timeout);
|
|
193 | 193 |
if (!$showtext) |
194 | 194 |
$nc_args .= " -z "; |
195 | 195 |
if (!empty($srcport)) |
196 |
$nc_args .= " -p {$srcport} ";
|
|
196 |
$nc_args .= " -p " . escapeshellarg($srcport) . " ";
|
|
197 | 197 |
|
198 | 198 |
/* Attempt to determine the interface address, if possible. Else try both. */ |
199 | 199 |
if (is_ipaddrv4($host)) { |
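Review bot: Reading the `||` form of the `srcport` check as the new side (the +/- markers are lost on this page), a blank source port now fails validation, because `is_numeric('')` is false, although the message directly below still says the field may be left blank. Unless a guard outside this section already skips the check for empty input, the condition should be `if (!empty($_REQUEST['srcport']) && (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport']))) {`. The `escapeshellarg()` calls on `$timeout` and `$srcport` are sound as defence in depth, but the remaining values that presumably reach the `nc` command line (host, port) are assembled outside the visible lines and should be checked for the same treatment. A short comment above `$nc_args`, such as `/* Request-derived values are validated above and shell-escaped here. */`, would record that intent.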
Fix input validation logic on diag_testport.php, escape more shell arguments for good measure