Révision 46d3f6a6
Ajouté par jim-p il y a plus de 9 ans
usr/local/www/diag_testport.php | ||
---|---|---|
68 | 68 |
$input_errors[] = gettext("Please enter a valid port number."); |
69 | 69 |
} |
70 | 70 |
|
71 |
if (is_numeric($_REQUEST['srcport']) && !is_port($_REQUEST['srcport'])) {
|
|
71 |
if (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport'])) {
|
|
72 | 72 |
$input_errors[] = gettext("Please enter a valid source port number, or leave the field blank."); |
73 | 73 |
} |
74 | 74 |
|
... | ... | |
198 | 198 |
echo "<textarea id=\"testportCaptured\" style=\"width:98%\" name=\"code\" rows=\"15\" cols=\"66\" readonly=\"readonly\">"; |
199 | 199 |
$result = ""; |
200 | 200 |
$nc_base_cmd = "/usr/bin/nc"; |
201 |
$nc_args = "-w {$timeout}";
|
|
201 |
$nc_args = "-w " . escapeshellarg($timeout);
|
|
202 | 202 |
if (!$showtext) |
203 | 203 |
$nc_args .= " -z "; |
204 | 204 |
if (!empty($srcport)) |
205 |
$nc_args .= " -p {$srcport} ";
|
|
205 |
$nc_args .= " -p " . escapeshellarg($srcport) . " ";
|
|
206 | 206 |
|
207 | 207 |
/* Attempt to determine the interface address, if possible. Else try both. */ |
208 | 208 |
if (is_ipaddrv4($host)) { |
Formats disponibles : Unified diff
Fix input validation logic on diag_testport.php, escape more shell arguments for good measure