
Security Hardening

own3mall 4 lat temu
rodzic
commit
6567bf249e

+ 1 - 1
includes/api_functions.php

@@ -144,7 +144,7 @@ function get_start_cmd($user_info,$remote,$server_xml,$home_info,$mod_id,$ip,$po
 		$cli_param_data['QUERY_PORT'] = $port + 24;
 	}
 	
-	$cli_param_data['MAP'] = ($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'];
+	$cli_param_data['MAP'] = clean_server_param_value(($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'], $server_xml->cli_allow_chars);
 	$cli_param_data['PLAYERS'] = ($last_param === NULL or !isset($last_param['players'])) ? 
 								 isset($home_info['mods'][$mod_id]['max_players']) ? 
 								 $home_info['mods'][$mod_id]['max_players'] : "1" : $last_param['players'];
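Review bot: Only `MAP` is passed through `clean_server_param_value()` here; the `PLAYERS` assignment directly below still takes `$last_param['players']` exactly as stored, and both values presumably reach the start command assembled later in `get_start_cmd`, whose body continues outside this hunk. A player count is numeric, so it can be constrained more tightly than an allow list does, for example by casting the result of the existing expression with `(int)`, or at least by routing it through the same cleaner with `$server_xml->cli_allow_chars`. The same gap is visible in the `modules/gamemanager/home_handling_functions.php` hunk and on the `max_players` line of `modules/gamemanager/cfg_text_replace.php`. A short comment on the patched line would also help, e.g. `// MAP comes from stored user parameters; restrict to the XML's cli_allow_chars before it reaches the command line`.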

+ 1 - 1
modules/gamemanager/cfg_text_replace.php

@@ -34,7 +34,7 @@ $last_param = json_decode($db->getLastParam($server_home["home_id"]), True);
 $server_home["max_players"] = isset($cli_param_data['PLAYERS']) ? $cli_param_data['PLAYERS'] : $last_param['players'];
 $server_home["webhost_ip"] = $_SERVER['SERVER_ADDR'];
 $server_home["incremental"] = $db->incrementalNumByHomeId( $server_home["home_id"], $server_home["mod_cfg_id"], $server_home["remote_server_id"] );
-$server_home["map"] = isset($cli_param_data['MAP']) ? $cli_param_data['MAP'] : $last_param['map'];
+$server_home["map"] = clean_server_param_value(isset($cli_param_data['MAP']) ? $cli_param_data['MAP'] : $last_param['map'], $server_xml->cli_allow_chars);
 
 $isWin = preg_match('/CYGWIN/', $remote->what_os());
 
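Review bot: The fallback `$last_param['map']` on the patched line is read without the null/isset guard that `get_start_cmd` applies, so when the `json_decode()` call shown in the hunk header returns null, or no map was stored, a null is handed to `clean_server_param_value()`. Using `$last_param['map'] ?? ""` as the fallback would keep the argument a string. Separately, the filter is the command-line allow list `cli_allow_chars`, while this file appears from its name to substitute values into config text. Whether that list excludes line breaks and the config format's quoting characters is not visible here and is worth confirming in `clean_server_param_value()`.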

+ 1 - 1
modules/gamemanager/home_handling_functions.php

@@ -104,7 +104,7 @@ function get_start_cmd($remote,$server_xml,$home_info,$mod_id,$ip,$port,$db)
 		$cli_param_data['QUERY_PORT'] = "10011";
 	}
 	
-	$cli_param_data['MAP'] = ($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'];
+	$cli_param_data['MAP'] = clean_server_param_value(($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'], $server_xml->cli_allow_chars);
 	$cli_param_data['PLAYERS'] = ($last_param === NULL or !isset($last_param['players'])) ? 
 								 isset($home_info['mods'][$mod_id]['max_players']) ? 
 								 $home_info['mods'][$mod_id]['max_players'] : "1" : $last_param['players'];