mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 10:28:13 +00:00
security: Stop accepting other variables in install that we do not use (#7511)
parent
9009633392
commit
cbc2757cea
@ -3,7 +3,12 @@ session_start();
|
||||
if (empty($_POST) && !empty($_SESSION) && !isset($_REQUEST['stage'])) {
|
||||
$_POST = $_SESSION;
|
||||
} elseif (!file_exists("../config.php")) {
|
||||
$_SESSION = array_replace($_SESSION, $_POST);
|
||||
$allowed_vars = array('stage','build-ok','dbhost','dbuser','dbpass','dbname','dbport','dbsocket','add_user','add_pass','add_email');
|
||||
foreach ($allowed_vars as $allowed) {
|
||||
if (isset($_POST[$allowed])) {
|
||||
$_SESSION[$allowed] = $_POST[$allowed];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$stage = isset($_POST['stage']) ? $_POST['stage'] : 0;
|
||||
|
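Review bot: The allowlist loop filters key names only, so each `$_POST[$allowed]` value is copied into `$_SESSION` whatever its type. A request that submits an allowed field as an array (PHP's `name[]` form syntax) is therefore persisted, and the first branch (`$_POST = $_SESSION`) hands it back to the later stages on the next request. How those stages consume the values is outside this hunk, but constraining them here is cheap: `if (isset($_POST[$allowed]) && is_string($_POST[$allowed])) {`. `$stage` on the last line is likewise taken from the request unchanged, so if the code below expects an integer, `(int) $_POST['stage']` would remove that assumption. A short comment above `$allowed_vars`, such as `// Only these installer fields may be persisted in the session`, would keep future additions deliberate.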