Révision 46d3f6a6
Ajouté par jim-p il y a plus de 9 ans
| usr/local/www/diag_testport.php | ||
|---|---|---|
| 68 | 68 |
$input_errors[] = gettext("Please enter a valid port number.");
|
| 69 | 69 |
} |
| 70 | 70 |
|
| 71 |
if (is_numeric($_REQUEST['srcport']) && !is_port($_REQUEST['srcport'])) {
|
|
| 71 |
if (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport'])) {
|
|
| 72 | 72 |
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
|
| 73 | 73 |
} |
| 74 | 74 |
|
| ... | ... | |
| 198 | 198 |
echo "<textarea id=\"testportCaptured\" style=\"width:98%\" name=\"code\" rows=\"15\" cols=\"66\" readonly=\"readonly\">"; |
| 199 | 199 |
$result = ""; |
| 200 | 200 |
$nc_base_cmd = "/usr/bin/nc"; |
| 201 |
$nc_args = "-w {$timeout}";
|
|
| 201 |
$nc_args = "-w " . escapeshellarg($timeout);
|
|
| 202 | 202 |
if (!$showtext) |
| 203 | 203 |
$nc_args .= " -z "; |
| 204 | 204 |
if (!empty($srcport)) |
| 205 |
$nc_args .= " -p {$srcport} ";
|
|
| 205 |
$nc_args .= " -p " . escapeshellarg($srcport) . " ";
|
|
| 206 | 206 |
|
| 207 | 207 |
/* Attempt to determine the interface address, if possible. Else try both. */ |
| 208 | 208 |
if (is_ipaddrv4($host)) {
|
Formats disponibles : Unified diff
Fix input validation logic on diag_testport.php, escape more shell arguments for good measure