updated README; sanitize script parameter in index.php; sanitize description fields of entities (thx to zerody for pointing these out)
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
12
README.md
12
README.md
@@ -21,7 +21,7 @@ Developed by experienced server administrators, this panel simplifies the effort
|
||||
9. Have fun!
|
||||
|
||||
### Detailed installation
|
||||
https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-tarball
|
||||
https://docs.froxlor.org/general/installation/index.html
|
||||
|
||||
## Help
|
||||
|
||||
@@ -42,12 +42,12 @@ The community is located on https://forum.froxlor.org/
|
||||
|
||||
### Wiki
|
||||
|
||||
More documentation may be found in the froxlor - wiki:
|
||||
https://github.com/Froxlor/Froxlor/wiki
|
||||
More documentation may be found in the froxlor - documentation:
|
||||
https://docs.froxlor.org/
|
||||
|
||||
## License
|
||||
|
||||
May be found in COPYING
|
||||
May be found in [COPYING](COPYING)
|
||||
|
||||
## Downloads
|
||||
|
||||
@@ -56,7 +56,7 @@ https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.fro
|
||||
|
||||
### Debian repository
|
||||
|
||||
[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-debian)
|
||||
[HowTo](https://docs.froxlor.org/general/installation/aptpackage.html)
|
||||
|
||||
```
|
||||
apt-get -y install apt-transport-https lsb-release ca-certificates
|
||||
@@ -66,7 +66,7 @@ echo "deb https://deb.froxlor.org/debian $(lsb_release -sc) main" > /etc/apt/sou
|
||||
|
||||
### Ubuntu repository
|
||||
|
||||
[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-ubuntu)
|
||||
[HowTo](https://docs.froxlor.org/general/installation/aptpackage.html)
|
||||
|
||||
```
|
||||
apt-get -y install apt-transport-https lsb-release ca-certificates
|
||||
|
||||
@@ -378,6 +378,8 @@ if ($action == '2fa_entercode') {
|
||||
$lastscript = "";
|
||||
if (isset($_REQUEST['script']) && $_REQUEST['script'] != "") {
|
||||
$lastscript = $_REQUEST['script'];
|
||||
$lastscript = str_replace("..", "", $lastscript);
|
||||
$lastscript = htmlspecialchars($lastscript, ENT_QUOTES);
|
||||
|
||||
if (! file_exists(__DIR__ . "/" . $lastscript)) {
|
||||
$lastscript = "";
|
||||
|
||||
@@ -178,9 +178,9 @@ class FpmDaemons extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
|
||||
$custom_config = $this->getParam('custom_config', true, '');
|
||||
|
||||
// validation
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$reload_cmd = \Froxlor\Validate\Validate::validate($reload_cmd, 'reload_cmd', '', '', array(), true);
|
||||
$config_dir = \Froxlor\Validate\Validate::validate($config_dir, 'config_dir', '', '', array(), true);
|
||||
$config_dir = \Froxlor\Validate\Validate::validate($config_dir, 'config_dir', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
|
||||
if (! in_array($pmanager, array(
|
||||
'static',
|
||||
'dynamic',
|
||||
@@ -299,9 +299,9 @@ class FpmDaemons extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
|
||||
$custom_config = $this->getParam('custom_config', true, $result['custom_config']);
|
||||
|
||||
// validation
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$reload_cmd = \Froxlor\Validate\Validate::validate($reload_cmd, 'reload_cmd', '', '', array(), true);
|
||||
$config_dir = \Froxlor\Validate\Validate::validate($config_dir, 'config_dir', '', '', array(), true);
|
||||
$config_dir = \Froxlor\Validate\Validate::validate($config_dir, 'config_dir', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
|
||||
if (! in_array($pmanager, array(
|
||||
'static',
|
||||
'dynamic',
|
||||
|
||||
@@ -79,7 +79,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
|
||||
// validation
|
||||
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
||||
$password = \Froxlor\System\Crypt::validatePassword($password, true);
|
||||
$description = \Froxlor\Validate\Validate::validate(trim($description), 'description', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate(trim($description), 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
|
||||
if (Settings::Get('system.allow_customer_shell') == '1') {
|
||||
$shell = \Froxlor\Validate\Validate::validate(trim($shell), 'shell', '', '', array(), true);
|
||||
@@ -396,7 +396,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
|
||||
|
||||
// validation
|
||||
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate(trim($description), 'description', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate(trim($description), 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
|
||||
if (Settings::Get('system.allow_customer_shell') == '1') {
|
||||
$shell = \Froxlor\Validate\Validate::validate(trim($shell), 'shell', '', '', array(), true);
|
||||
|
||||
@@ -216,7 +216,7 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
|
||||
|
||||
// validation
|
||||
$name = \Froxlor\Validate\Validate::validate(trim($name), 'name', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $description), 'description', '/^[^\0]*$/');
|
||||
$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $description), 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT);
|
||||
|
||||
if (Settings::Get('system.mail_quota_enabled') != '1') {
|
||||
$value_arr['email_quota'] = - 1;
|
||||
@@ -361,7 +361,7 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
|
||||
|
||||
// validation
|
||||
$name = \Froxlor\Validate\Validate::validate(trim($name), 'name', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $description), 'description', '/^[^\0]*$/');
|
||||
$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $description), 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT);
|
||||
|
||||
if (Settings::Get('system.mail_quota_enabled') != '1') {
|
||||
$value_arr['email_quota'] = - 1;
|
||||
|
||||
@@ -60,7 +60,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
// validation
|
||||
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
||||
$password = \Froxlor\System\Crypt::validatePassword($password, true);
|
||||
$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
|
||||
$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
if (!empty($databasename)) {
|
||||
$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '/^[A-Za-z0-9][A-Za-z0-9\-_]+$/i', '', array(), true);
|
||||
}
|
||||
@@ -322,7 +322,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
|
||||
// validation
|
||||
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
||||
$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
|
||||
$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
|
||||
if ($password != '') {
|
||||
// validate password
|
||||
|
||||
@@ -266,7 +266,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
|
||||
$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);
|
||||
|
||||
// validation
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$phpsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $phpsettings), 'phpsettings', '/^[^\0]*$/', '', array(), true);
|
||||
if (Settings::Get('system.mod_fcgid') == 1) {
|
||||
$binary = \Froxlor\FileDir::makeCorrectFile(\Froxlor\Validate\Validate::validate($binary, 'binary', '', '', array(), true));
|
||||
@@ -466,7 +466,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
|
||||
$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);
|
||||
|
||||
// validation
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
|
||||
$description = \Froxlor\Validate\Validate::validate($description, 'description', \Froxlor\Validate\Validate::REGEX_DESC_TEXT, '', array(), true);
|
||||
$phpsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $phpsettings), 'phpsettings', '/^[^\0]*$/', '', array(), true);
|
||||
if (Settings::Get('system.mod_fcgid') == 1) {
|
||||
$binary = \Froxlor\FileDir::makeCorrectFile(\Froxlor\Validate\Validate::validate($binary, 'binary', '', '', array(), true));
|
||||
|
||||
@@ -85,8 +85,8 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
|
||||
$distributions_select_data = array();
|
||||
|
||||
//set default os.
|
||||
$os_dist = array('ID' => 'buster');
|
||||
$os_version = array('0' => '10');
|
||||
$os_dist = array('ID' => 'bullseye');
|
||||
$os_version = array('0' => '11');
|
||||
$os_default = $os_dist['ID'];
|
||||
|
||||
//read os-release
|
||||
|
||||
@@ -269,7 +269,7 @@ class HTML
|
||||
}
|
||||
|
||||
$text = strtr($text, array(
|
||||
'%s' => $targetname
|
||||
'%s' => htmlspecialchars($targetname)
|
||||
));
|
||||
eval("echo \"" . Template::getTemplate('misc/question_yesno', '1') . "\";");
|
||||
exit();
|
||||
@@ -302,7 +302,7 @@ class HTML
|
||||
}
|
||||
|
||||
$text = strtr($text, array(
|
||||
'%s' => $targetname
|
||||
'%s' => htmlspecialchars($targetname)
|
||||
));
|
||||
eval("echo \"" . Template::getTemplate('misc/question_yesno_checkbox', '1') . "\";");
|
||||
exit();
|
||||
|
||||
@@ -10,6 +10,8 @@ class Validate
|
||||
|
||||
const REGEX_CONF_TEXT = '/^[^\0]*$/';
|
||||
|
||||
const REGEX_DESC_TEXT = '/^[^\0\r\n<>]*$/';
|
||||
|
||||
/**
|
||||
* Validates the given string by matching against the pattern, prints an error on failure and exits
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user