diff options
author | Javier Sánchez Parra <jsanchez@soleta.eu> | 2021-05-05 13:12:33 +0200 |
---|---|---|
committer | OpenGnSys Support Team <soporte-og@soleta.eu> | 2021-05-10 10:33:10 +0200 |
commit | baa9cb0fbb02acef896d1b5e0cb316bd993f5d1a (patch) | |
tree | 5648e8201aff74b4050275741e20cfa8cbcd9b8e /admin/WebConsole/includes | |
parent | 8634dd3ac37bc821afd0e7f321eb0064247074a2 (diff) |
#804 Limit legacy SocketHidra key-value split
This bug was found by USAL and UPV. They reported that WebConsole was
showing scripts incompletely if they contain "=".
SocketHidra stores key-value pair as "<key>=<value>" string, and the
parser splits the string on "=" characters and pick the first two
elements. Thus, if the value also contains "=", the parser splits it and
only picks the first part.
Note: keys strings never contain "=".
With "scp=this=is=a=test" as example
BEFORE this commit the parser returns
"scp" as key
"this" as value
AFTER this commit the parser returns
"spc" as key
"this=is=a=test" as value
Limit legacy SocketHidra key-value split to two elements, key and value.
This commit also removes script decoding because WebConsole stores
them decoded since v1.2.0.
Diffstat (limited to 'admin/WebConsole/includes')
-rw-r--r-- | admin/WebConsole/includes/comunes.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/admin/WebConsole/includes/comunes.php b/admin/WebConsole/includes/comunes.php index 213e764e..f12ea94a 100644 --- a/admin/WebConsole/includes/comunes.php +++ b/admin/WebConsole/includes/comunes.php @@ -151,7 +151,7 @@ $html=""; $auxprm=explode($ch,$parametros); for($i=0;$i<sizeof($auxprm);$i++){ - list($nemonico,$valor)=explode("=",$auxprm[$i]); + list($nemonico, $valor) = explode("=", $auxprm[$i], 2); if(isset($tbParametros[$nemonico])){ if($tbParametros[$nemonico]["visual"]==1){ $tbParametrosValor[$nemonico]["descripcion"]=$tbParametros[$nemonico]["descripcion"]; @@ -181,7 +181,7 @@ $tbParametrosValor[$nemonico]["valor"]=$tbcte[$valor]; break; case 4: // El valor lo toma directamente pero está codificado con urlencode - $tbParametrosValor[$nemonico]["valor"]='<PRE>'.urldecode($valor).'</PRE>'; + $tbParametrosValor[$nemonico]["valor"]='<PRE>'.$valor.'</PRE>'; break; case 5: // El valor es 0 ó 1 y se muestra NO o SI $tbSN[0]="No"; |