Fix security issue when using list functionality via api.php

Remote code execution could have been triggered by activating some list
functionality (add and remove) via api.php.

Thanks to Kacper Szurek for finding this bug.

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
Mcat12
2019-03-02 13:51:29 -08:00
parent 16d06d6948
commit 24a22bcb55
3 changed files with 14 additions and 11 deletions

@@ -142,14 +142,5 @@ function list_verify($type) {
{
log_and_die("Not allowed!");
}
// Don't check if the added item is a
// valid domain for regex expressions
// Regex filters are validated by FTL
// on import and skipped if invalid
if($_POST['list'] !== "regex")
{
check_domain();
}
}
?>
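
Review bot: the `check_domain()` call at the end of `list_verify()` appears to be what this hunk drops (the header goes from 14 lines to 5, and the +/- markers are not visible here), so after this change `list_verify()` only enforces the "Not allowed!" gate and validates nothing about the submitted item. Every caller then has to run `check_domain()` itself before the value is used, and the other two changed files that would show this are not on the page; please confirm that the api.php add and remove paths named in the commit message do so. The `$_POST['list'] !== "regex"` exemption also deserves a second look wherever it ends up: regex entries skip domain validation entirely on the assumption that FTL rejects invalid ones on import, which covers regex validity but not what the PHP side does with the string before FTL sees it. A short comment in `list_verify()` stating where domain validation now lives would keep a future caller from assuming it still happens here.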