security: Stop accepting other variables in install that we do not use (#7511)

Neil Lathwood 2017-10-18 13:19:16 +01:00 committed by laf
parent 9009633392
commit cbc2757cea


@ -3,7 +3,12 @@ session_start();
if (empty($_POST) && !empty($_SESSION) && !isset($_REQUEST['stage'])) {
$_POST = $_SESSION;
} elseif (!file_exists("../config.php")) {
$_SESSION = array_replace($_SESSION, $_POST);
$allowed_vars = array('stage','build-ok','dbhost','dbuser','dbpass','dbname','dbport','dbsocket','add_user','add_pass','add_email');
foreach ($allowed_vars as $allowed) {
if (isset($_POST[$allowed])) {
$_SESSION[$allowed] = $_POST[$allowed];
}
}
}
$stage = isset($_POST['stage']) ? $_POST['stage'] : 0;
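Review bot: The allow-list loop restricts which keys are copied into `$_SESSION` but not the type of the values. PHP parses bracketed field names into arrays, so `$_POST[$allowed]` may be an array and is stored as-is, even though these fields look like they are meant to be plain strings (host, user, password, port). I would tighten the guard to `if (isset($_POST[$allowed]) && is_string($_POST[$allowed])) {`. The same applies to `$stage` on the last line, which is read from `$_POST` unchecked; if later code only ever compares it to integers (not visible in this hunk), `(int)$_POST['stage']` would be safer. A short comment above `$allowed_vars`, such as `// Only fields the installer reads; keep in sync with the stage forms`, would help the list stay complete as stages change.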