From 048bb82a0e2c814da90816657ecedf59fedf8dbd Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 18 Feb 2014 09:29:56 -0300
Subject: Fixes #3459. Avoid shell/XSS issues applying htmlspecialchars to input param logfile
---
 config/snort/snort_log_view.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'config/snort')
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php
index babae205..beec1aa7 100644
--- a/config/snort/snort_log_view.php
+++ b/config/snort/snort_log_view.php
@@ -41,14 +41,15 @@ $contents = '';
 // Read the contents of the argument passed to us.
 // Is it a fully qualified path and file?
-if (file_exists($_GET['logfile']))
- if (substr(realpath($_GET['logfile']), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$_GET['logfile']} can not be viewed!");
+$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401);
+if (file_exists($logfile))
+ if (substr(realpath($logfile), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
+ $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!");
 else
- $contents = file_get_contents($_GET['logfile']);
+ $contents = file_get_contents($logfile);
 // It is not something we can display, so print an error.
 else
- $contents = gettext("\n\nERROR -- File: {$_GET['logfile']} not found!");
+ $contents = gettext("\n\nERROR -- File: {$logfile} not found!");
 $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
 ?>
@@ -72,7 +73,7 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
-  ' . $_GET['logfile']; ?>     +  ' . $logfile; ?>
-- cgit v1.2.3
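Review bot: Applying htmlspecialchars() to `$_GET['logfile']` before file_exists()/realpath()/file_get_contents() escapes in the wrong context: the HTML-encoded string is what gets looked up on disk, so any legitimate log name containing `&`, `'` or `"` no longer resolves, while the only thing that actually stops an out-of-tree read is the realpath() prefix check that follows. Keep the raw request value for the filesystem calls and produce the escaped copy solely for display (the error strings in this hunk and the echo in the second hunk at @@ -72,7). Two further points on the containment check: `substr(realpath(...), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR` also accepts a sibling directory that shares the prefix unless SNORTLOGDIR ends in a separator (its value is not visible here), and file_exists() is true for directories, which file_get_contents() then fails on, so compare against the prefix with a trailing `/` and gate on is_file(). The commit title mentions shell issues, but htmlspecialchars() only encodes `& < > " '`; nothing in this hunk invokes a shell, and if `$logfile` reaches one elsewhere, escapeshellarg() is the applicable escape. The dangling-else layout and the gettext() calls on interpolated (hence untranslatable) strings are unchanged from the old side and worth tidying in the same pass.
```php
$requested = isset($_GET['logfile']) ? $_GET['logfile'] : '';
$logfile = htmlspecialchars($requested, ENT_QUOTES | ENT_HTML401); // display-only copy
$logdir = rtrim(SNORTLOGDIR, '/') . '/';                            // prefix check needs the separator
$resolved = realpath($requested);
if ($resolved !== false && is_file($resolved))
	if (substr($resolved, 0, strlen($logdir)) !== $logdir)
		$contents = sprintf(gettext("\n\nERROR -- File: %s can not be viewed!"), $logfile);
	else
		$contents = file_get_contents($resolved);
// … unchanged: "not found" branch, formatted with $logfile for display …
```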