Commit 7af26ef3 authored by Russ Fish's avatar Russ Fish

Plug 4 SQL injection holes.

parent cdd73465
......@@ -441,6 +441,7 @@ if (!isset($formfields["idleswap"]) ||
addslashes($formfields["noidleswap_reason"]) . "'";
}
elseif (!isset($formfields["idleswap_timeout"]) ||
!preg_match("/^[\d]+$/", $formfields["idleswap_timeout"]) ||
($formfields["idleswap_timeout"] + 0) <= 0 ||
( (($formfields["idleswap_timeout"] + 0) > $idleswaptimeout) &&
!ISADMIN()) ) {
......@@ -463,6 +464,7 @@ if (!isset($formfields["autoswap"]) ||
$inserts[] = "autoswap_timeout=0";
}
elseif (!isset($formfields["autoswap_timeout"]) ||
!preg_match("/^[\d]+$/", $formfields["autoswap_timeout"]) ||
($formfields["autoswap_timeout"] + 0) == 0) {
$errors["Max Duration"] = "Invalid time provided";
}
......@@ -490,7 +492,10 @@ else {
if (isset($formfields["cpu_usage"]) &&
strcmp($formfields["cpu_usage"], "")) {
if (($formfields["cpu_usage"] + 0) < 0 ||
if (!preg_match("/^[\d]+$/", $formfields["cpu_usage"])) {
$errors["CPU Usage"] = "Invalid character";
}
elseif (($formfields["cpu_usage"] + 0) < 0 ||
($formfields["cpu_usage"] + 0) > 5) {
$errors["CPU Usage"] = "Invalid (0 <= X <= 5)";
}
......@@ -508,7 +513,10 @@ else {
if (isset($formfields["mem_usage"]) &&
strcmp($formfields["mem_usage"], "")) {
if (($formfields["mem_usage"] + 0) < 0 ||
if (!preg_match("/^[\d]+$/", $formfields["mem_usage"])) {
$errors["Mem Usage"] = "Invalid character";
}
elseif (($formfields["mem_usage"] + 0) < 0 ||
($formfields["mem_usage"] + 0) > 5) {
$errors["Mem Usage"] = "Invalid (0 <= X <= 5)";
}
......@@ -526,9 +534,12 @@ else {
if (isset($formfields["linktest_level"]) &&
strcmp($formfields["linktest_level"], "")) {
if (($formfields["linktest_level"] + 0) < 0 ||
if (!preg_match("/^[\d]+$/", $formfields["linktest_level"])) {
$errors["Linktest Level"] = "Invalid character";
}
elseif (($formfields["linktest_level"] + 0) < 0 ||
($formfields["linktest_level"] + 0) > 4) {
$errors["Linktest Level"] = "Invalid linktest level";
$errors["Linktest Level"] = "Invalid (0 <= X <= 4)";
}
else {
$inserts[] = "linktest_level=" . $formfields["linktest_level"];
......
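Review bot: The new `preg_match("/^[\d]+$/", ...)` guards in the cpu_usage, mem_usage and linktest_level hunks (and the two timeout hunks above them) are the only thing between the form value and the string-built `$inserts[]` SQL, yet without the `D` modifier PCRE's `$` also matches just before a final newline, so a value such as `"4\n"` passes the regex and is appended to the query verbatim on the `$inserts[] = "linktest_level=" . $formfields["linktest_level"];` line. Tighten the pattern with `\z` or the `D` modifier (`/^\d+\z/`) and cast at the SQL boundary so the query never receives the raw string: `$inserts[] = "linktest_level=" . intval($formfields["linktest_level"]);` — the same applies wherever the cpu_usage, mem_usage and timeout values are concatenated. With a digits-only match in place, the `(... + 0) < 0` half of each following `elseif` can no longer be true and could be dropped for clarity. The enclosing if/elseif chains begin before each hunk, and the `$inserts[]` lines for cpu_usage and mem_usage lie outside the visible context.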
......@@ -328,9 +328,8 @@ editexp.php3.1.html
Page Error</h2>
Probe label: \'**{editexp.php3:formfields[noswap_reason]}**
editexp.php3.10.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: '**{editexp.php3:formfields[linktest_level]}**
&nbsp;Oops, please fix the following errors!&nbsp;
<font color=red>Invalid character</font></td>
editexp.php3.4.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
......@@ -340,17 +339,15 @@ editexp.php3.6.html
Page Error</h2>
Probe label: \'**{editexp.php3:formfields[noidleswap_reason]}**
editexp.php3.8.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: '**{editexp.php3:formfields[cpu_usage]}**
&nbsp;Oops, please fix the following errors!&nbsp;
<font color=red>Invalid character</font></td>
editexp.php3.9.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: \'**{editexp.php3:formfields[description]}**
editexp.php3.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: '**{editexp.php3:formfields[mem_usage]}**
&nbsp;Oops, please fix the following errors!&nbsp;
<font color=red>Invalid character</font></td>
editgroup.php3.1.html
Could not map page arguments to 'group'
editgroup.php3.10.html
......@@ -1018,7 +1015,7 @@ showsumstats.php3.1.html
showsumstats.php3.html
Invalid range argument: '**{showsumstats.php3:range}**!
showuser_list.php3.html
Probe label: '**{showuser_list.php3:searchfor}**
Invalid page arguments: /showuser_list.php3<br><br>Invalid characters in 'searchfor': '**{showuser_list.php3:searchfor}**
swapexp.php3.1.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
......
Probe label: \'**{approveproject.php3:head_uid}**
Probe label: \'**{editexp.php3:formfields[noswap_reason]}**
Probe label: '**{editexp.php3:formfields[linktest_level]}**
Probe label: \'**{editexp.php3:formfields[noidleswap_reason]}**
Probe label: '**{editexp.php3:formfields[cpu_usage]}**
Probe label: \'**{editexp.php3:formfields[description]}**
Probe label: '**{editexp.php3:formfields[mem_usage]}**
Probe label: \'**{editimageid.php3:formfields[description]}**
Probe label: \'**{kb-manage.php3:formfields[xref_tag]}**
Probe label: \'**{kb-manage.php3:formfields[body]}**
......@@ -14,4 +11,3 @@
Probe label: \'**{moduserinfo.php3:formfields[usr_country]}**
Probe label: \'**{newgroup.php3:group_description}**
Probe label: \'**{newgroup.php3:group_leader}**
Probe label: '**{showuser_list.php3:searchfor}**
Probe label: '**{editexp.php3:formfields[cpu_usage]}**
Probe label: '**{editexp.php3:formfields[linktest_level]}**
Probe label: '**{editexp.php3:formfields[mem_usage]}**
Probe label: '**{showuser_list.php3:searchfor}**
......@@ -576,7 +576,7 @@ function VerifyPageArguments($argspec, $required)
$yep = 1;
# Pages never get arguments with special chars. Check.
if (preg_match("/^[\'\"]+$/", $object)) {
if (preg_match("/[\'\"]/", $object)) {
PAGEARGERROR("Invalid characters in '$name': $object");
}
}
......
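Review bot: The widened check on the new `if (preg_match("/[\'\"]/", $object))` line rejects a quote anywhere in the value instead of only values made entirely of quotes, but it remains a two-character denylist: backslashes, NUL bytes and semicolons still pass, so any page that interpolates `$object` into SQL must keep escaping or parameterising it rather than rely on this gate. Since the comment above it states that pages never receive special characters, an allowlist of the characters page arguments actually use would express that intent better than enumerating bad ones. The rejected value is also reflected in `PAGEARGERROR("Invalid characters in '$name': $object")`; if PAGEARGERROR emits raw HTML, `$object` should go through `htmlspecialchars()` first — its implementation is not visible here. VerifyPageArguments begins before this hunk.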