Révision ee4ba9fb
Ajouté par Renato Botelho il y a presque 10 ans
usr/local/www/diag_dns.php | ||
---|---|---|
38 | 38 |
if ($_GET['host']) |
39 | 39 |
$_POST = $_GET; |
40 | 40 |
|
41 |
if($_GET['createalias'] == "true") { |
|
42 |
$host = trim($_POST['host']); |
|
41 |
$host = trim($_POST['host'], " \t\n\r\0\x0B[];\"'"); |
|
42 |
$host_esc = escapeshellarg($host); |
|
43 |
|
|
44 |
if($_GET['createalias'] == "true" && (is_hostname($host) || is_ipaddr($host))) { |
|
43 | 45 |
if($_GET['override']) |
44 | 46 |
$override = true; |
45 | 47 |
$a_aliases = &$config['aliases']['alias']; |
46 | 48 |
$type = "hostname"; |
47 | 49 |
$resolved = gethostbyname($host); |
48 | 50 |
if($resolved) { |
49 |
$host = trim($_POST['host']); |
|
50 |
$dig=`dig "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`; |
|
51 |
$dig=`dig "{$host_esc}" A | grep "{$host_esc}" | grep -v ";" | awk '{ print $5 }'`; |
|
51 | 52 |
$resolved = explode("\n", $dig); |
52 | 53 |
$isfirst = true; |
53 | 54 |
foreach($resolved as $re) { |
... | ... | |
93 | 94 |
$reqdfieldsn = explode(",", "Host"); |
94 | 95 |
|
95 | 96 |
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); |
96 |
$host = trim($_POST['host'], " \t\n\r\0\x0B[]"); |
|
97 |
$host_esc = escapeshellarg($host); |
|
98 | 97 |
|
99 | 98 |
if (!is_hostname($host) && !is_ipaddr($host)) { |
100 | 99 |
$input_errors[] = gettext("Host must be a valid hostname or IP address."); |
... | ... | |
130 | 129 |
$type = "hostname"; |
131 | 130 |
$resolved = gethostbyname($host); |
132 | 131 |
if($resolved) { |
133 |
$dig=`dig $host_esc A | grep $host_esc | grep -v ";" | awk '{ print $5 }'`;
|
|
132 |
$dig=`dig {$host_esc} A | grep {$host_esc} | grep -v ";" | awk '{ print $5 }'`;
|
|
134 | 133 |
$resolved = explode("\n", $dig); |
135 | 134 |
} |
136 | 135 |
$hostname = $host; |
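Review bot: At new line 51 the escaped value is wrapped in double quotes again (`dig "{$host_esc}" A | grep "{$host_esc}"`), which undoes most of what `escapeshellarg()` provides. Inside double quotes the shell treats the single quotes it added as literal characters and still performs `$` and backtick expansion, and dig receives a name that includes the quote characters. The `is_hostname()`/`is_ipaddr()` guard added at new line 44 presumably keeps such input from reaching this line, but the command should not depend on it; use the unquoted form already used at new line 132, `dig {$host_esc} A | grep {$host_esc} | grep -v ";"`. In both lookups grep also reads the host as a regular expression, so `grep -F -e {$host_esc}` would match it literally. The createalias block opened at new line 44 continues past the lines shown here.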
Be more careful with the host parameter and make sure it's escaped when calling shell functions