openSUSE:Backports:SLE-15-SP5:Update
File fix-CVE-2022-40704.patch of Package phoronix-test-suite.18273
From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001 From: Michael Larabel <michael@phoronix.com> Date: Sat, 23 Jul 2022 07:32:43 -0500 Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in phoromatic_quit_if_invalid_input_found() Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678 --- pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php index 74ccc5444c..c2313dcdea 100644 --- a/pts-core/phoromatic/phoromatic_functions.php +++ b/pts-core/phoromatic/phoromatic_functions.php @@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null) { foreach($input_keys as $key) { - if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key])) + if(isset($_GET[$key]) && !empty($_GET[$key])) { - foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check) + foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check) + { + if(stripos($val_to_check, $invalid_string) !== false) + { + echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check); + exit; + } + } + } + if(isset($_POST[$key]) && !empty($_POST[$key])) + { + foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check) { if(stripos($val_to_check, $invalid_string) !== false) {
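Review bot: The `$_POST` block added after the `$_GET` block repeats the same nested `foreach` / `stripos` / `exit` body line for line, so a later fix applied to one copy can silently miss the other. A single loop over both sources, for example `foreach(array($_GET, $_POST) as $source)` with the existing body reading `$source[$key]`, keeps one copy of the check. In both copies `isset(...) && !empty(...)` is redundant, since `!empty()` already returns false for an unset key. `stripos($val_to_check, $invalid_string)` also assumes every element is a string. If `pts_arrays::to_array()` passes nested arrays through unchanged, an `is_string()` guard or an explicit rejection of non-scalar values before the comparison would make the function exit cleanly instead of erroring. The hunk is cut off after the opening brace of the inner `if`, so the rest of the `$_POST` branch cannot be checked here.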