gitlabFork/ISPConfig3.git - Solinfo Gitblit

gitlabFork / ISPConfig3

ISPConfig3 devel

summary
reflog
commits
tree
docs
forks
compare

parent: 3b09eb9e | patch | commit | ignore whitespace

Added check for content of redirect variable.

Till Brehm

2015-04-17 a72b8b56f6fe1e6274835bc8bd190551d074193d

Added check for content of redirect variable.

1 files modified

interface/web/capp.php

1 ●●●●● patch | view | raw | blame | history

 interface/web/capp.php

@@ -43,6 +43,7 @@
}

if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,5}$/i", $redirect)) die('redirect contains unallowed chars.');

//* Check if user may use the module.
$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);

			@@ -43,6 +43,7 @@
			}

			if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
			if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,5}$/i", $redirect)) die('redirect contains unallowed chars.');

			//* Check if user may use the module.
			$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);