N°3412 - Command Injection vulnerability in the Setup Wizard - handle empty path

odain
2021-02-17 07:50:10 +01:00
parent 83434b5506
commit a12959d60e
2 changed files with 15 additions and 8 deletions


@@ -554,19 +554,21 @@ class SetupUtils
return new CheckResult(CheckResult::ERROR, "The PHP exec() function has been disabled on this server");
}
clearstatcache();
if (!is_file($sGraphvizPath) || ! is_executable($sGraphvizPath)){
//N°3412 avoid shell injection
return new CheckResult(CheckResult::ERROR, "$sGraphvizPath could not be executed: Please make sure it is installed and in the path");
}
$sGraphvizPath = escapeshellcmd($sGraphvizPath);
// availability of dot / dot.exe
if (empty($sGraphvizPath))
{
$sGraphvizPath = 'dot';
} else {
clearstatcache();
if (!is_file($sGraphvizPath) || !is_executable($sGraphvizPath)) {
//N°3412 avoid shell injection
return new CheckResult(CheckResult::ERROR,
"$sGraphvizPath could not be executed: Please make sure it is installed and in the path");
}
$sGraphvizPath = escapeshellcmd($sGraphvizPath);
}
$sCommand = "\"$sGraphvizPath\" -V 2>&1";
$aOutput = array();