Bug #2494
diag_packet_capture.php needs input validation
| Status: | Resolved | Start date: | 06/12/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Darren Embry |
% Done: | 100% |
|
| Category: | Web Interface | |||
| Target version: | 2.1 | |||
| Affected version: | All | Affected Architecture: |
Description
diag_packet_capture.php does minimal if any input validation. Every field on that page needs to be verified.
Interface: Valid interface is submitted
Address family: valid address family submitted
Host address: Valid IP address or CIDR subnet
Port: 1-65535
Packet length: positive integer
Count: positive integer
Level of detail: one of the options in the drop down
Associated revisions
add validation to fields on diag_packet_capture
fixes #2494
validate dropdowns for security reasons
really fixes #2494 :-)
History
#1
Updated by Jim P 11 months ago
Some of this is already done but doesn't actually report an error to the user, it simply leaves the invalid parameters out of the tcpdump command.
Might need to rework the page a bit to properly produce errors for invalid input.
#2
Updated by Darren Embry 11 months ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
fixed in github.
not quite sure that dropdowns need additional validation because you can't select an option that isn't in the dropdown ;-) and 'any' is a valid option for some of them.
#3
Updated by Darren Embry 11 months ago
- Status changed from Resolved to Assigned
#4
Updated by Darren Embry 11 months ago
- % Done changed from 100 to 90
#5
Updated by Darren Embry 11 months ago
- Status changed from Assigned to Feedback
- % Done changed from 90 to 100
Applied in changeset 622caf8fee84e0744da2b4cd9ea5d1fc4c499388.