merge some security fixes from rogerroger288

Isaac Connor 2014-06-05 15:14:12 -04:00
parent fa2371f8e6
commit 5ae3cb8907
2 changed files with 14 additions and 6 deletions


@ -212,10 +212,17 @@ if ( !empty($action) )
}
elseif ( $action == "settings" )
{
$zmuCommand = getZmuCommand( " -m ".$mid." -B".$_REQUEST['newBrightness']." -C".$_REQUEST['newContrast']." -H".$_REQUEST['newHue']." -O".$_REQUEST['newColour'] );
$zmuOutput = exec( escapeshellcmd( $zmuCommand ) );
$args = " -m " . escapeshellarg($mid);
$args .= " -B" . escapeshellarg($_REQUEST['newBrightness']);
$args .= " -C" . escapeshellarg($_REQUEST['newContrast']);
$args .= " -H" . escapeshellarg($_REQUEST['newHue']);
$args .= " -O" . escapeshellarg($_REQUEST['newColour']);
$zmuCommand = getZmuCommand( $args );
$zmuOutput = exec( $zmuCommand );
list( $brightness, $contrast, $hue, $colour ) = explode( ' ', $zmuOutput );
dbQuery( "update Monitors set Brightness = '".$brightness."', Contrast = '".$contrast."', Hue = '".$hue."', Colour = '".$colour."' where Id = '".$mid."'" );
dbQuery( "update Monitors set Brightness = ?, Contrast = ?, Hue = ?, Colour = ? where Id = ?", array($brightness, $contrast, $hue, $colour, $mid));
}
}
@ -462,7 +469,7 @@ if ( !empty($action) )
dbQuery( "update Monitors set ".implode( ", ", $changes )." where Id =?", array($mid) );
if ( isset($changes['Name']) )
{
exec( escapeshellcmd( "mv ".ZM_DIR_EVENTS."/".$monitor['Name']." ".ZM_DIR_EVENTS."/".$_REQUEST['newMonitor']['Name'] ) );
rename( ZM_DIR_EVENTS."/".$monitor['Name'], ZM_DIR_EVENTS."/".$_REQUEST['newMonitor']['Name']);
}
if ( isset($changes['Width']) || isset($changes['Height']) )
{
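Review bot: The `rename()` call in the second hunk still builds its destination from `$_REQUEST['newMonitor']['Name']` with no validation visible in this section, so a name containing `/` or `..` would resolve outside `ZM_DIR_EVENTS`; dropping the shell closes the command injection but not the path handling. With `$newName` holding the request value, I would refuse such names before the `update Monitors` query runs, e.g. `if ( $newName == '' || $newName == '.' || $newName == '..' || basename($newName) !== $newName ) { /* reject the change */ }`. The return value of `rename()` should also be checked, because the database row is already updated by the time it runs and a failed move leaves the two out of step. In the first hunk the four picture settings look numeric (inferred from their names), so validating them as integers before `escapeshellarg()` would be a stricter guard. Both enclosing blocks start outside the hunks.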


@ -438,6 +438,7 @@ function outputControlStill( $src, $width, $height, $monitor, $scale, $target )
<?php
}
// Incoming args are shell-escaped. This function must escape any further arguments it cannot guarantee.
function getZmuCommand( $args )
{
$zmuCommand = ZMU_PATH;
@ -450,11 +451,11 @@ function getZmuCommand( $args )
}
elseif ( ZM_AUTH_RELAY == "plain" )
{
$zmuCommand .= " -U ".$_SESSION['username']." -P ".$_SESSION['password'];
$zmuCommand .= " -U " .escapeshellarg($_SESSION['username'])." -P ".escapeshellarg($_SESSION['password']);
}
elseif ( ZM_AUTH_RELAY == "none" )
{
$zmuCommand .= " -U ".$_SESSION['username'];
$zmuCommand .= " -U ".escapeshellarg($_SESSION['username']);
}
}
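Review bot: The new comment above `getZmuCommand()` states only half of the contract: it should also say that the returned string must be passed to `exec()` as is. A caller that still wraps the result in `escapeshellcmd()` (the pattern this commit removes from the settings action) would put backslashes in front of metacharacters inside the now single-quoted username and password, and inside single quotes those backslashes are literal, so the credentials would change. I would extend the comment to something like `// Callers must escapeshellarg() every value they put in $args and must not pass the result through escapeshellcmd().` Only the settings caller is updated in this commit, so the remaining call sites, which are not visible here, are worth checking against that rule. The part of the function between the two hunks is not shown either, so whether the other `ZM_AUTH_RELAY` branch needs the same quoting cannot be judged from this page.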