diff options
Diffstat (limited to 'plugins/webinterface/php_handler.cpp')
| -rw-r--r-- | plugins/webinterface/php_handler.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp index d2c2f55..cd8fd63 100644 --- a/plugins/webinterface/php_handler.cpp +++ b/plugins/webinterface/php_handler.cpp @@ -82,7 +82,9 @@ namespace kt for ( it = args.begin(); it != args.end(); ++it ) { - ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); + // Check for string delimiters, don't want PHP injection attacks + if (!containsDelimiters(it.key()) && !containsDelimiters(it.data())) + ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); } ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script ts << flush; @@ -98,6 +100,11 @@ namespace kt #endif return launch(data); } + + bool PhpHandler::containsDelimiters(const QString & str) + { + return str.contains("\"") || str.contains("'"); + } void PhpHandler::onExited() { |