From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
interface/web/admin/remote_action_ispcupdate.php | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 3abcd71..a72f942 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -27,6 +27,8 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+//die('Function has been removed.');
+
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
@@ -48,6 +50,7 @@
/*
* We need a list of all Servers
*/
+
$sysServers = $app->db->queryAllRecords("SELECT server_id, server_name FROM server order by server_name");
$dropDown = "<option value='*'>" . $wb['select_all_server'] . "</option>";
foreach ($sysServers as $server) {
@@ -60,7 +63,9 @@
/*
* If the user wants to do the action, write this to our db
*/
-if (isset($_POST['server_select'])) {
+
+//* Note: Disabled post action
+if (1 == 0 && isset($_POST['server_select'])) {
$server = $_POST['server_select'];
$servers = array();
if ($server == '*') {
@@ -74,7 +79,7 @@
$servers[] = $_POST['server_select'];
}
foreach ($servers as $serverId) {
- $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_status, response) " .
+ $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
"VALUES (".
(int)$serverId . ", " .
time() . ", " .
--
Gitblit v1.9.1