Révision ee4ba9fb
Ajouté par Renato Botelho il y a presque 10 ans
| usr/local/www/diag_dns.php | ||
|---|---|---|
| 38 | 38 |
if ($_GET['host']) |
| 39 | 39 |
$_POST = $_GET; |
| 40 | 40 |
|
| 41 |
if($_GET['createalias'] == "true") {
|
|
| 42 |
$host = trim($_POST['host']); |
|
| 41 |
$host = trim($_POST['host'], " \t\n\r\0\x0B[];\"'"); |
|
| 42 |
$host_esc = escapeshellarg($host); |
|
| 43 |
|
|
| 44 |
if($_GET['createalias'] == "true" && (is_hostname($host) || is_ipaddr($host))) {
|
|
| 43 | 45 |
if($_GET['override']) |
| 44 | 46 |
$override = true; |
| 45 | 47 |
$a_aliases = &$config['aliases']['alias']; |
| 46 | 48 |
$type = "hostname"; |
| 47 | 49 |
$resolved = gethostbyname($host); |
| 48 | 50 |
if($resolved) {
|
| 49 |
$host = trim($_POST['host']); |
|
| 50 |
$dig=`dig "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`;
|
|
| 51 |
$dig=`dig "{$host_esc}" A | grep "{$host_esc}" | grep -v ";" | awk '{ print $5 }'`;
|
|
| 51 | 52 |
$resolved = explode("\n", $dig);
|
| 52 | 53 |
$isfirst = true; |
| 53 | 54 |
foreach($resolved as $re) {
|
| ... | ... | |
| 93 | 94 |
$reqdfieldsn = explode(",", "Host");
|
| 94 | 95 |
|
| 95 | 96 |
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); |
| 96 |
$host = trim($_POST['host'], " \t\n\r\0\x0B[]"); |
|
| 97 |
$host_esc = escapeshellarg($host); |
|
| 98 | 97 |
|
| 99 | 98 |
if (!is_hostname($host) && !is_ipaddr($host)) {
|
| 100 | 99 |
$input_errors[] = gettext("Host must be a valid hostname or IP address.");
|
| ... | ... | |
| 130 | 129 |
$type = "hostname"; |
| 131 | 130 |
$resolved = gethostbyname($host); |
| 132 | 131 |
if($resolved) {
|
| 133 |
$dig=`dig $host_esc A | grep $host_esc | grep -v ";" | awk '{ print $5 }'`;
|
|
| 132 |
$dig=`dig {$host_esc} A | grep {$host_esc} | grep -v ";" | awk '{ print $5 }'`;
|
|
| 134 | 133 |
$resolved = explode("\n", $dig);
|
| 135 | 134 |
} |
| 136 | 135 |
$hostname = $host; |
Formats disponibles : Unified diff
Be more careful with host parameter and make sure it's escaped when call shell functions