Fixing possible remote code executuin vulnerability introduced by commit
3bf4e2874a
Thanks to RedTeam Pentesting for pointing out this issue
This commit is contained in:
parent
f922f19fd3
commit
ccc423291c
|
@ -184,16 +184,18 @@ INSERT INTO options(name,value) VALUES ('schema_version', 4);
|
||||||
";
|
";
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$db = new PDO("$input->type:dbname=$input->database;host=$input->host;port=$input->port", $input->user, $input->password);
|
$db = new PDO("$input->type:dbname=$input->database;host=$input->host;port=" . intval($input->port), $input->user, $input->password);
|
||||||
}
|
}
|
||||||
catch (PDOException $e) {
|
catch (PDOException $e) {
|
||||||
$retval['status'] = "error";
|
$retval['status'] = "error";
|
||||||
$retval['message'] = serialize($e);
|
$retval['message'] = serialize($e);
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
||||||
|
|
||||||
if (!isset($retval)) {
|
if (!isset($retval)) {
|
||||||
|
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
|
||||||
$passwordHash = password_hash($input->userPassword, PASSWORD_DEFAULT);
|
$passwordHash = password_hash($input->userPassword, PASSWORD_DEFAULT);
|
||||||
|
|
||||||
$queries = explode(";", $sql[$input->type]);
|
$queries = explode(";", $sql[$input->type]);
|
||||||
|
@ -220,7 +222,7 @@ if (!isset($retval)) {
|
||||||
$configFile[] = '$config[\'db_user\'] = \'' . addslashes($input->user) . "';";
|
$configFile[] = '$config[\'db_user\'] = \'' . addslashes($input->user) . "';";
|
||||||
$configFile[] = '$config[\'db_password\'] = \'' . addslashes($input->password) . "';";
|
$configFile[] = '$config[\'db_password\'] = \'' . addslashes($input->password) . "';";
|
||||||
$configFile[] = '$config[\'db_name\'] = \'' . addslashes($input->database) . "';";
|
$configFile[] = '$config[\'db_name\'] = \'' . addslashes($input->database) . "';";
|
||||||
$configFile[] = '$config[\'db_port\'] = ' . addslashes($input->port) . ";";
|
$configFile[] = '$config[\'db_port\'] = ' . intval($input->port) . ";";
|
||||||
$configFile[] = '$config[\'db_type\'] = \'' . addslashes($input->type) . "';";
|
$configFile[] = '$config[\'db_type\'] = \'' . addslashes($input->type) . "';";
|
||||||
|
|
||||||
$retval['status'] = "success";
|
$retval['status'] = "success";
|
||||||
|
|
|
@ -30,4 +30,4 @@ $config['nonce_lifetime'] = 15;
|
||||||
//Number of rows in domain overview
|
//Number of rows in domain overview
|
||||||
$config['domain_rows'] = 15;
|
$config['domain_rows'] = 15;
|
||||||
|
|
||||||
include 'config-user.php';
|
require 'config-user.php';
|
||||||
|
|
Loading…
Reference in a new issue