clonos / control-pane

ClonOS WEB control panel (CBSD WEB UI)
https://clonos.tekroutine.com

Security issue #27

Closed bozhinov closed 3 years ago

bozhinov commented 3 years ago

https://github.com/clonos/control-pane/blob/ae73df7b69810d02bf126898074de5634a3e6f1a/php/clonos.php#L122

Hello, I would add additional validation here as the cookie value is directly used for the include.

Thanks for the code. I'm still reviewing it, but it seems to be what I need.

Momchil

moveee commented 3 years ago

Fixed, thanks!

olevole commented 3 years ago

Just for clarification: https://github.com/clonos/control-pane/commit/02b1652fa6ce290550856d37d5d4394a9a4e7072#diff-14648471e4e7be6971642afbe7444876f220740a7e13300f1a0e4e6d4e6a989eR119-R126 probably should fix any invalid data

bozhinov commented 3 years ago

It will. Always happy to see a quick response.

I'll give it another look once that WIP becomes RELEASE.
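
The kind of validation the report asks for, as an added example that is not part of the thread and not the project's code: a cookie value is reduced to an allowlisted token before it can influence an include path. The cookie's purpose (language selection), `LANG_DIR`, `DEFAULT_LANG`, `resolve_lang_file()` and the sample values are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout (assumption): one PHP file per language under LANG_DIR.
const LANG_DIR = __DIR__ . '/lang';
const DEFAULT_LANG = 'en';

/**
 * Map an untrusted cookie value to a file inside LANG_DIR.
 * Anything that fails validation falls back to DEFAULT_LANG, so the
 * returned path is always built from a value the application chose.
 */
function resolve_lang_file(?string $cookieValue, array $allowed): string
{
    $lang = DEFAULT_LANG;

    if ($cookieValue !== null
        // 1. Shape check: short lowercase token only. \A and \z anchor the
        //    whole string, so '/', '.', ':', NUL bytes and newlines all fail.
        && preg_match('/\A[a-z]{2,8}\z/', $cookieValue) === 1
        // 2. Allowlist: strict comparison against the names the app ships.
        && in_array($cookieValue, $allowed, true)
    ) {
        $lang = $cookieValue;
    }

    return LANG_DIR . '/' . $lang . '.php';
}

// Constructed inputs: one valid value and several that must be rejected.
$allowed = ['en', 'ru', 'de'];
$samples = ['ru', '../../etc/passwd', 'php://input', "en\0", 'xx', null];

foreach ($samples as $sample) {
    // A real caller would pass $_COOKIE['lang'] ?? null and then
    // `require` the returned path; here the path is only printed.
    printf("%-24s => %s\n", var_export($sample, true),
        resolve_lang_file($sample, $allowed));
}
```

Only the first sample resolves to its own file; every other input maps to the default language file.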