From 39caa92a625622f7958da462cc5cb685d8ad8dca Mon Sep 17 00:00:00 2001
From: osaajani <>
Date: Wed, 17 Jun 2020 19:08:11 +0200
Subject: [PATCH] Fix command bash injection using filename + add constant to disable commands

---
 controllers/internals/Command.php | 13 ++++++++++++-
 controllers/publics/Command.php | 8 ++++++++
 templates/incs/nav.php | 8 +++++---
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/controllers/internals/Command.php b/controllers/internals/Command.php
index 38fa70a..1f2d9a9 100644
--- a/controllers/internals/Command.php
+++ b/controllers/internals/Command.php
@@ -78,6 +78,11 @@ namespace controllers\internals;
 */
 public function analyze_and_process (int $id_user, string $message)
 {
+ if (!ENABLE_COMMAND)
+ {
+ return false;
+ }
+
 $extracted_command = [];
 $decode_message = json_decode(trim($message), true);

@@ -127,7 +132,13 @@ namespace controllers\internals;
 $decode_message['password'] = '******';
 $updated_text = json_encode($decode_message);

- $generated_command = PWD_SCRIPTS . '/' . $find_command['script'];
+ $script = $find_command['script'];
+ while (str_replace('..', '', $script) !== $script)
+ {
+ $script = str_replace('..', '', $script);
+ }
+
+ $generated_command = PWD_SCRIPTS . '/' . escapeshellarg($script);

 $args = $decode_message['args'] ?? '';
 $generated_command .= ' ' . escapeshellcmd($args);
diff --git a/controllers/publics/Command.php b/controllers/publics/Command.php
index 0c475f5..c3cf06a 100644
--- a/controllers/publics/Command.php
+++ b/controllers/publics/Command.php
@@ -27,6 +27,14 @@ namespace controllers\publics;
 $this->internal_event = new \controllers\internals\Event($bdd);

 \controllers\internals\Tool::verifyconnect();
+
+ if (!ENABLE_COMMAND)
+ {
+ \FlashMessage\FlashMessage::push('danger', 'Les commandes sont désactivées.');
+ $this->redirect(\descartes\Router::url('Dashboard', 'show'));
+
+ exit(0);
+ }
 }

 /**
diff --git a/templates/incs/nav.php b/templates/incs/nav.php
index 0535bca..f7d7e3e 100644
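Review bot: The new guard `if (!ENABLE_COMMAND)` at the top of analyze_and_process fails open when the constant is absent from the deployed configuration: on PHP 7 an undefined constant only emits a warning and evaluates to the string 'ENABLE_COMMAND', which is truthy, so the check passes and command execution stays enabled (on PHP 8 it throws an Error instead). A kill switch should fail closed, e.g. `if (!defined('ENABLE_COMMAND') || !ENABLE_COMMAND)`, or the constant should get an explicit default where the other configuration constants are defined. The same pattern is repeated in the controllers/publics/Command.php constructor hunk and should be fixed there as well. Returning `false` here also overloads whatever `false` already means for this method (its other return paths are outside the hunk), so the docblock should gain a line such as `@return false when commands are disabled via ENABLE_COMMAND`.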
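Review bot: The `..`-stripping loop before `escapeshellarg($script)` rewrites the script name instead of rejecting it, so a name like `a...b` silently becomes `a.b` and an empty name produces `PWD_SCRIPTS/''`, which is confusing to audit and easy to regress. `$find_command['script']` looks like a bare file name (presumably from the commands table; not visible here), so `basename()` plus an `is_file()` check against PWD_SCRIPTS is both simpler and fail-closed, keeping `escapeshellarg` for the shell quoting. Separately, the unchanged context line `escapeshellcmd($args)` removes shell metacharacters but leaves word splitting to the shell, so the message-supplied `$args` still becomes an arbitrary argv for the script; if scripts expect a single argument, `escapeshellarg($args)` is the stricter choice. analyze_and_process continues outside the hunk.
```php
        $script = basename((string) $find_command['script']);
        if ($script === '' || !is_file(PWD_SCRIPTS . '/' . $script))
        {
            return false;
        }

        $generated_command = PWD_SCRIPTS . '/' . escapeshellarg($script);
        // … unchanged: $args handling and the rest of analyze_and_process …
```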
--- a/templates/incs/nav.php
+++ b/templates/incs/nav.php
@@ -80,9 +80,11 @@ -
  • > - Commandes -
  • + +
  • > + Commandes +
  • +
  • > Webhooks