admin web: fix a bug and security vulnerability
In the "ops" web page showing results, the credit link was wrong. The page for grepping logs allowed people to run arbitrary shell commands. Use escapeshellcmd() to prevent this. However: the Ops interface lets you type in arbitrary SQL, which lets bad guys do all sorts of things. So you need to protect access to Ops very strongly. TODO: fix all vulnerabilities in ops/. Get rid of the DB browsing features; use phpmysqladmin.
parent
5b6f648570
commit
aba8af3bc0
@ -1162,7 +1162,7 @@ function show_result_short($result) {
|
|||
$validate_color = validate_color($result->validate_state);
|
||||
$host_user = host_user_link($result->hostid);
|
||||
$cpu_hours = sprintf("%.1f",$result->cpu_time / 3600);
|
||||
$granted_credit = "<a href=credit.php?resultid=$result->id>".credit_str($result->granted_credit)."</a>";
|
||||
$granted_credit = "<a href=credit.php?wu_id=$result->workunitid>".credit_str($result->granted_credit)."</a>";
|
||||
$delete_state = file_delete_state_str($result->file_delete_state);
|
||||
|
||||
echo "
|
||||
|
|
|
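Review bot: The corrected credit link on the `$granted_credit` line still interpolates `$result->workunitid` straight into an unquoted `href` attribute, so the markup is only well-formed as long as that value is a bare integer; it presumably is (a database id), but an admin page should not depend on that. Cast and quote it: `$granted_credit = '<a href="credit.php?wu_id=' . (int)$result->workunitid . '">' . credit_str($result->granted_credit) . '</a>';`. show_result_short begins before this hunk and the `echo "` on its last line opens a string that continues past it.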
@ -29,11 +29,13 @@ if (!$log_dir) {
|
|||
|
||||
if( isset($_GET["f"]) ){
|
||||
$f = $_GET["f"];
|
||||
$f = escapeshellcmd($f);
|
||||
} else {
|
||||
$f = "";
|
||||
}
|
||||
if( isset($_GET["s"]) ){
|
||||
$s = $_GET["s"];
|
||||
$s = escapeshellcmd($s);
|
||||
} else {
|
||||
$s = "";
|
||||
}
|
||||
|
|
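Review bot: `escapeshellcmd()` on the two added lines is the wrong primitive for values that end up as individual arguments: it neutralises shell metacharacters but leaves whitespace alone, so a single `$_GET` value can still split into several arguments of whatever command is built later in this file. Wrap each value as exactly one argument instead, `$f = escapeshellarg(basename($f));` and `$s = escapeshellarg($s);`, and since `$f` is meant to name an existing log file, prefer checking it against the actual entries of `$log_dir` rather than escaping it at all. The command line that consumes `$f` and `$s` is outside this hunk, so confirm it expects each as one quoted argument. The enclosing script and the `if (!$log_dir)` block start before the hunk.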