admin web: fix a bug and security vulnerability

In the "ops" web page showing results, the credit link was wrong.

The page for grepping logs allowed people to run arbitrary shell commands.
Use escapeshellcmd() to prevent this.

However: the Ops interface lets you type in arbitrary SQL,
which lets bad guys do all sorts of things.
So you need to protect access to Ops very strongly.

TODO: fix all vulnerabilities in ops/.
Get rid of the DB browsing features; use phpmysqladmin.
David Anderson 2017-05-11 21:14:15 -07:00
parent 5b6f648570
commit aba8af3bc0
2 changed files with 5 additions and 3 deletions

@ -1162,7 +1162,7 @@ function show_result_short($result) {
$validate_color = validate_color($result->validate_state);
$host_user = host_user_link($result->hostid);
$cpu_hours = sprintf("%.1f",$result->cpu_time / 3600);
$granted_credit = "<a href=credit.php?resultid=$result->id>".credit_str($result->granted_credit)."</a>";
$granted_credit = "<a href=credit.php?wu_id=$result->workunitid>".credit_str($result->granted_credit)."</a>";
$delete_state = file_delete_state_str($result->file_delete_state);
echo "
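Review bot: the replacement href in this hunk is still an unquoted attribute value (`<a href=credit.php?wu_id=$result->workunitid>`); quote it, e.g. `<a href=\"credit.php?wu_id=$result->workunitid\">`, so the URL cannot run into a following attribute and the markup stays well-formed. The query-parameter rename from `resultid` to `wu_id` is the actual fix and deserves a word in the commit message beyond "the credit link was wrong".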

@ -29,11 +29,13 @@ if (!$log_dir) {
if( isset($_GET["f"]) ){
$f = $_GET["f"];
$f = escapeshellcmd($f);
} else {
$f = "";
}
if( isset($_GET["s"]) ){
$s = $_GET["s"];
$s = escapeshellcmd($s);
} else {
$s = "";
}
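Review bot: escapeshellcmd() is the wrong primitive for `$f` and `$s`, which are individual values passed to a command rather than a whole command line; it neutralises shell metacharacters but does not quote the value, so whitespace still splits it into extra arguments for the command that consumes it. Use escapeshellarg() on each value, which single-quotes it as one argument, or better, pass the arguments without a shell at all. Since `$f` selects a file under `$log_dir`, it should also be validated against the expected file names (or reduced with basename()) before use rather than relying on shell escaping alone.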