
Fix RCE vulnerability in inc.setWlanIpMail.php #2439

Open

wants to merge 1 commit into develop

Conversation

@s-martin (Collaborator) commented Oct 15, 2024

Fix the Remote Code Execution (RCE) vulnerability in htdocs/inc.setWlanIpMail.php by sanitizing and validating user input. See #2396

  • Sanitization and Validation:
    • Add validation for the email address using filter_var with FILTER_VALIDATE_EMAIL.
    • Add sanitization for the email address using htmlspecialchars.
    • Replace the exec function with shell_exec to prevent command injection.
  • Unit Tests:
    • Add tests/htdocs/inc/SetWlanIpMailTest.php to validate the email address using filter_var with FILTER_VALIDATE_EMAIL.
    • Add unit tests to sanitize the email address using htmlspecialchars.
    • Add unit tests to ensure the exec function is replaced with shell_exec.

For more details, open the Copilot Workspace session.

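The validation step the PR describes, as an added PHP example that is not the project's code: the function names, the `mail` command line and the sample inputs are assumptions about how a WLAN-IP notification might be sent. It also wraps the validated value in escapeshellarg, a standard guard the PR description does not mention, because FILTER_VALIDATE_EMAIL accepts quoted local parts that may contain spaces or semicolons.

```php
<?php
// Added example (not the PR's own code): validate an email address before it
// reaches a shell command. Function names and the `mail` invocation are
// assumptions about how a WLAN-IP notification might be sent.

declare(strict_types=1);

/**
 * Return the validated address, or null if the input is not a single
 * well-formed email address. FILTER_VALIDATE_EMAIL rejects bare whitespace,
 * semicolons, backticks and similar characters a shell would interpret,
 * but a quoted local part such as "a b"@example.com still passes.
 */
function validateRecipient(string $input): ?string
{
    $valid = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/**
 * Build the command line that would send the WLAN IP to the recipient.
 * Returns null (no command at all) when validation fails; escapeshellarg()
 * is applied as a second layer for the quoted-local-part case above.
 */
function buildMailCommand(string $recipient, string $wlanIp): ?string
{
    $address = validateRecipient($recipient);
    if ($address === null) {
        return null;
    }
    $subject = escapeshellarg('Jukebox WLAN IP: ' . $wlanIp);
    return 'mail -s ' . $subject . ' ' . escapeshellarg($address);
}

/** Escape the address for HTML output, as the PR does with htmlspecialchars. */
function displayRecipient(string $recipient): string
{
    return htmlspecialchars($recipient, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a legitimate address and one carrying shell metacharacters.
$inputs = ['user@example.com', 'user@example.com; ls /'];
foreach ($inputs as $in) {
    $cmd = buildMailCommand($in, '192.168.0.42');
    echo $cmd === null
        ? 'rejected: ' . displayRecipient($in) . "\n"
        : 'command:  ' . $cmd . "\n";
}
```

The second input is rejected by validateRecipient before any command string exists, so nothing is ever handed to exec or shell_exec for it.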
@s-martin added the php and legacy_v2 (Issues, discussions and PRs related to Version 2.x) labels on Oct 15, 2024

@coveralls commented:

Pull Request Test Coverage Report for Build 11354492057

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 78.51%

Totals Coverage Status
  • Change from base Build 11139253723: 0.0%
  • Covered Lines: 453
  • Relevant Lines: 577

💛 - Coveralls
