author | John Klug <john.klug@multitech.com> | 2019-12-10 18:34:39 -0600 |
---|---|---|
committer | John Klug <john.klug@multitech.com> | 2019-12-10 18:34:39 -0600 |
commit | c6c7b0f384aba0427470c9d184f81d5c9a7af1a1 (patch) | |
tree | 59e52f9692277b6f6ec4df8bc997aa6a3cbdbb36 | |
parent | 2700e1d081d78a3c280cd3ef68b39032b305425c (diff) | |
download | commissioning-c6c7b0f384aba0427470c9d184f81d5c9a7af1a1.tar.gz commissioning-c6c7b0f384aba0427470c9d184f81d5c9a7af1a1.tar.bz2 commissioning-c6c7b0f384aba0427470c9d184f81d5c9a7af1a1.zip |
Disallow " in User-ID to prevent shell interpretation
-rw-r--r-- | www/commission/index.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/www/commission/index.php b/www/commission/index.php
index ef8b68d..4c0ac81 100644
--- a/www/commission/index.php
+++ b/www/commission/index.php
@@ -74,6 +74,8 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
 $username_err = "Please enter a username.";
 } elseif ($userlen > 80) {
 $username_err = "mLinux username must not exceed 32 characters";
+ } elseif (strstr($username,"\"")) {
+ $username_err = "invalid character(s) in username";
 } else {
 syslog(LOG_ALERT, "Enter username check: $username");
 $id = chk_username($username);
 |
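Review bot: The added `strstr($username,"\"")` branch rejects only the double quote, so `$`, backtick, backslash and newline still reach `chk_username($username)`, and a shell expands the first three even inside a double-quoted string. The body of chk_username is outside this hunk, so that it builds a command line is inferred from the commit title. If it does, an allowlist is safer than a one-character denylist: `} elseif (!preg_match('/\A[A-Za-z0-9._-]+\z/', $username)) {`, with the character class adjusted to what mLinux accepts as a username, plus `escapeshellarg($username)` at the point where the command is assembled. The same value is written by `syslog(LOG_ALERT, "Enter username check: $username")` two lines below, so the allowlist would also keep control characters out of the log. The enclosing if/elseif chain starts and ends outside the hunk.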