Commit ab1761e5 authored by Russ Fish's avatar Russ Fish
Browse files

When I fixed the regexp in PAGEARG_STRING that checks for quotes, it plugged

one SQL injection hole, and shifted detection of probes  earlier in a lot
of other pages.  But some inputs that were marked PAGEARG_STRING should
actually be PAGEARG_ANYTHING, since they're text fields where quotes make
sense, and are escaped properly in the logic that handles them.

  approveproject.php3 - message
  editnodetype.php3 - newattribute_value
  newnodelog.php3 - log_entry
  newosid.php3 - description
  nodecontrol.php3 - startupcmd (node_control strips single-quotes from values.)
parent 34f19ee9
...@@ -22,7 +22,7 @@ $reqargs = RequiredPageArguments("project", PAGEARG_PROJECT, ...@@ -22,7 +22,7 @@ $reqargs = RequiredPageArguments("project", PAGEARG_PROJECT,
"approval", PAGEARG_STRING); "approval", PAGEARG_STRING);
$optargs = OptionalPageArguments("head_uid", PAGEARG_STRING, $optargs = OptionalPageArguments("head_uid", PAGEARG_STRING,
"user_interface", PAGEARG_STRING, "user_interface", PAGEARG_STRING,
"message", PAGEARG_STRING, "message", PAGEARG_ANYTHING,
"silent", PAGEARG_BOOLEAN); "silent", PAGEARG_BOOLEAN);
# #
......
...@@ -30,7 +30,7 @@ $optargs = OptionalPageArguments("submit", PAGEARG_STRING, ...@@ -30,7 +30,7 @@ $optargs = OptionalPageArguments("submit", PAGEARG_STRING,
"attributes", PAGEARG_ARRAY, "attributes", PAGEARG_ARRAY,
"newattribute_type", PAGEARG_STRING, "newattribute_type", PAGEARG_STRING,
"newattribute_name", PAGEARG_STRING, "newattribute_name", PAGEARG_STRING,
"newattribute_value", PAGEARG_STRING); "newattribute_value", PAGEARG_ANYTHING);
if (!isset($node_type)) { $node_type = ""; } if (!isset($node_type)) { $node_type = ""; }
if (!isset($attributes)) { $attributes = array(); } if (!isset($attributes)) { $attributes = array(); }
......
...@@ -24,7 +24,7 @@ $isadmin = ISADMIN(); ...@@ -24,7 +24,7 @@ $isadmin = ISADMIN();
# #
$reqargs = RequiredPageArguments("node", PAGEARG_NODE, $reqargs = RequiredPageArguments("node", PAGEARG_NODE,
"log_type", PAGEARG_STRING, "log_type", PAGEARG_STRING,
"log_entry", PAGEARG_STRING); "log_entry", PAGEARG_ANYTHING);
# #
# Only Admins can enter log entries. # Only Admins can enter log entries.
......
...@@ -26,7 +26,7 @@ $isadmin = ISADMIN(); ...@@ -26,7 +26,7 @@ $isadmin = ISADMIN();
# #
$optargs = OptionalPageArguments("osname", PAGEARG_STRING, $optargs = OptionalPageArguments("osname", PAGEARG_STRING,
"project", PAGEARG_PROJECT, "project", PAGEARG_PROJECT,
"description", PAGEARG_STRING, "description", PAGEARG_ANYTHING,
"os_path", PAGEARG_STRING, "os_path", PAGEARG_STRING,
"os_version", PAGEARG_STRING, "os_version", PAGEARG_STRING,
"OS", PAGEARG_STRING, "OS", PAGEARG_STRING,
......
...@@ -25,7 +25,7 @@ $isadmin = ISADMIN(); ...@@ -25,7 +25,7 @@ $isadmin = ISADMIN();
$reqargs = RequiredPageArguments("node", PAGEARG_NODE, $reqargs = RequiredPageArguments("node", PAGEARG_NODE,
"def_boot_osid", PAGEARG_STRING, "def_boot_osid", PAGEARG_STRING,
"def_boot_cmd_line", PAGEARG_STRING, "def_boot_cmd_line", PAGEARG_STRING,
"startupcmd", PAGEARG_STRING, "startupcmd", PAGEARG_ANYTHING,
"tarballs", PAGEARG_STRING, "tarballs", PAGEARG_STRING,
"rpms", PAGEARG_STRING); "rpms", PAGEARG_STRING);
$optargs = OptionalPageArguments("next_boot_osid", PAGEARG_STRING, $optargs = OptionalPageArguments("next_boot_osid", PAGEARG_STRING,
...@@ -57,7 +57,7 @@ if ($def_boot_cmd_line != $node->def_boot_cmd_line()) { ...@@ -57,7 +57,7 @@ if ($def_boot_cmd_line != $node->def_boot_cmd_line()) {
$command_string .= "default_boot_cmdline='$def_boot_cmd_line' "; $command_string .= "default_boot_cmdline='$def_boot_cmd_line' ";
} }
if ($startupcmd != $node->startupcmd()) { if ($startupcmd != $node->startupcmd()) {
$command_string .= "startup_command='$startupcmd' "; $command_string .= "startup_command=" . escapeshellarg($startupcmd) . " ";
} }
if ($tarballs != $node->tarballs()) { if ($tarballs != $node->tarballs()) {
$command_string .= "tarfiles='$tarballs' "; $command_string .= "tarfiles='$tarballs' ";
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment