Merge pull request #2439 from mnoorenberghe/plugin_xss
Plugin.php: XSS and directory traversal fixes; Enable CSP script-src
commit
03590226ac
|
@ -55,6 +55,7 @@ function CSPHeaders($view, $nonce) {
|
||||||
case 'log':
|
case 'log':
|
||||||
case 'logout':
|
case 'logout':
|
||||||
case 'options':
|
case 'options':
|
||||||
|
case 'plugin':
|
||||||
case 'privacy':
|
case 'privacy':
|
||||||
case 'storage':
|
case 'storage':
|
||||||
case 'version': {
|
case 'version': {
|
||||||
|
|
|
@ -36,7 +36,8 @@ if ( $zid > 0 ) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$monitor = dbFetchMonitor ( $mid );
|
$monitor = dbFetchMonitor ( $mid );
|
||||||
$plugin = $_REQUEST['pl'];
|
// Only allow certain filename characters (not including a period) to prevent directory traversal.
|
||||||
|
$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);
|
||||||
|
|
||||||
$plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin;
|
$plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin;
|
||||||
|
|
||||||
|
@ -103,7 +104,7 @@ function pLang($name)
|
||||||
<body>
|
<body>
|
||||||
<div id="page">
|
<div id="page">
|
||||||
<div id="header">
|
<div id="header">
|
||||||
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo $plugin ?></h2>
|
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
|
||||||
</div>
|
</div>
|
||||||
<div id="content">
|
<div id="content">
|
||||||
<form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
|
<form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
|
||||||
|
@ -111,7 +112,7 @@ function pLang($name)
|
||||||
<input type="hidden" name="action" value="plugin"/>
|
<input type="hidden" name="action" value="plugin"/>
|
||||||
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>
|
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>
|
||||||
<input type="hidden" name="zid" value="<?php echo $zid ?>"/>
|
<input type="hidden" name="zid" value="<?php echo $zid ?>"/>
|
||||||
<input type="hidden" name="pl" value="<?php echo $plugin ?>"/>
|
<input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/>
|
||||||
|
|
||||||
<div id="settingsPanel">
|
<div id="settingsPanel">
|
||||||
<table id="pluginSettings" cellspacing="0">
|
<table id="pluginSettings" cellspacing="0">
|
||||||
|
@ -143,8 +144,9 @@ foreach($pluginOptions as $name => $popt)
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</td>
|
|
||||||
</select>
|
</select>
|
||||||
|
</td>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
break;
|
break;
|
||||||
case "text":
|
case "text":
|
||||||
|
@ -158,7 +160,7 @@ foreach($pluginOptions as $name => $popt)
|
||||||
?>
|
?>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" onclick="return saveChanges( this )"<?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
|
<input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" <?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
|
||||||
<input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
|
<input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
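Review bot: The new `$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);` in the `@ -36,7 +36,8` hunk sanitises by stripping rather than rejecting, so a missing or malformed `pl` is silently turned into a different (possibly empty) name and `$plugin_path` then resolves to `dirname(ZM_PLUGINS_CONFIG_PATH)."/"` itself; what is later done with that path is outside the hunk. A reject-on-mismatch form keeps the traversal protection and makes bad input visible instead of guessing, e.g. `if (!isset($_REQUEST['pl']) || !preg_match('/^[-a-zA-Z0-9_]+$/', $_REQUEST['pl'])) { return; }` followed by `$plugin = $_REQUEST['pl'];` (underscore added only if plugin names actually use it, which is not visible here). The later hunks wrap `$plugin` in `validHtmlStr()` but leave `$_SERVER['PHP_SELF']` in the form action and `$monitor['Name']`/`$newZone['Name']` in the heading unescaped; since this commit is the XSS fix for this view, those echoes deserve the same `validHtmlStr()` treatment, `PHP_SELF` in particular because it can reflect request path data. The last hunk drops the `onclick="return saveChanges( this )"` handler outright; if `saveChanges` is re-attached from a nonce-allowed script elsewhere, a one-line comment on the submit input saying so would save the next reader from assuming the save hook was lost.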