phoromatic: Additional input sanitization / safety checks

phoronix-test-suite · Jun 25, 2022 · e4ff084 · e4ff084
1 parent 6ebfe5a
commit e4ff084
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 1 deletion.
diff --git a/pts-core/objects/pts_result_viewer_embed.php b/pts-core/objects/pts_result_viewer_embed.php
@@ -36,6 +36,11 @@ public function __construct(&$result_file, $public_id = null)
 	{
 		$this->result_file = &$result_file;
 		$this->result_public_id = $public_id;
+
+		if(isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI']))
+		{
+			pts_strings::exit_if_contains_unsafe_data($_SERVER['REQUEST_URI']);
+		}
 	}
 	public function allow_modifying_results($can_modify)
 	{

diff --git a/pts-core/objects/pts_strings.php b/pts-core/objects/pts_strings.php
@@ -791,6 +791,22 @@ public static function safety_strings_to_reject()
 	{
 		return array('<', '>', 'document.write', '../', 'onerror', 'onload', 'alert(', 'String.', 'confirm(', 'focus=', '&lt', '&gt', '&#');
 	}
+	public static function exit_if_contains_unsafe_data($check, $exit_msg = 'Exited due to suspicious URL.')
+	{
+		if(empty($check))
+		{
+			return;
+		}
+
+		foreach(pts_strings::safety_strings_to_reject() as $invalid_string)
+		{
+			if(stripos($check, $invalid_string) !== false)
+			{
+				echo '<strong>' . $exit_msg . '</strong>';
+				exit;
+			}
+		}
+	}
 }
 
 ?>
diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php
@@ -87,6 +87,11 @@ function phoromatic_init_web_page_setup()
 
 	include('../../pts-core.php');
 	pts_core::init();
+
+	if(isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI']))
+	{
+		pts_strings::exit_if_contains_unsafe_data($_SERVER['REQUEST_URI']);
+	}
 }
 function phoromatic_webui_header($left_items, $right = null)
 {

diff --git a/pts-core/phoromatic/public_html/public.php b/pts-core/phoromatic/public_html/public.php
@@ -178,7 +178,7 @@
 
 	$result_limit = isset($_POST['result_limit']) && is_numeric($_POST['result_limit']) && $_POST['result_limit'] > 9 ? $_POST['result_limit'] : 50;
 	$main .= '<br /><br /><br />';
-	$main .= '<form action="' . $_SERVER['REQUEST_URI'] . '" method="post"><div style="text-align: left; font-weight: bold;">Show Results For <select id="result_time_limit" name="time">';
+	$main .= '<form method="post"><div style="text-align: left; font-weight: bold;">Show Results For <select id="result_time_limit" name="time">';
 	$results_for_length = array(
 		'24 hours' => '24 Hours',
 		'3 days' => '3 Days',