summaryrefslogtreecommitdiffstats
path: root/admin/WebConsole/includes
diff options
context:
space:
mode:
authorJavier Sánchez Parra <jsanchez@soleta.eu>2021-05-05 13:12:33 +0200
committerOpenGnSys Support Team <soporte-og@soleta.eu>2021-05-10 10:33:10 +0200
commitbaa9cb0fbb02acef896d1b5e0cb316bd993f5d1a (patch)
tree5648e8201aff74b4050275741e20cfa8cbcd9b8e /admin/WebConsole/includes
parent8634dd3ac37bc821afd0e7f321eb0064247074a2 (diff)
#804 Limit legacy SocketHidra key-value split
This bug was found by USAL and UPV. They reported that WebConsole was showing scripts incompletely if they contain "=". SocketHidra stores key-value pair as "<key>=<value>" string, and the parser splits the string on "=" characters and pick the first two elements. Thus, if the value also contains "=", the parser splits it and only picks the first part. Note: keys strings never contain "=". With "scp=this=is=a=test" as example BEFORE this commit the parser returns "scp" as key "this" as value AFTER this commit the parser returns "spc" as key "this=is=a=test" as value Limit legacy SocketHidra key-value split to two elements, key and value. This commit also removes script decoding because WebConsole stores them decoded since v1.2.0.
Diffstat (limited to 'admin/WebConsole/includes')
-rw-r--r--admin/WebConsole/includes/comunes.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/admin/WebConsole/includes/comunes.php b/admin/WebConsole/includes/comunes.php
index 213e764e..f12ea94a 100644
--- a/admin/WebConsole/includes/comunes.php
+++ b/admin/WebConsole/includes/comunes.php
@@ -151,7 +151,7 @@
$html="";
$auxprm=explode($ch,$parametros);
for($i=0;$i<sizeof($auxprm);$i++){
- list($nemonico,$valor)=explode("=",$auxprm[$i]);
+ list($nemonico, $valor) = explode("=", $auxprm[$i], 2);
if(isset($tbParametros[$nemonico])){
if($tbParametros[$nemonico]["visual"]==1){
$tbParametrosValor[$nemonico]["descripcion"]=$tbParametros[$nemonico]["descripcion"];
@@ -181,7 +181,7 @@
$tbParametrosValor[$nemonico]["valor"]=$tbcte[$valor];
break;
case 4: // El valor lo toma directamente pero está codificado con urlencode
- $tbParametrosValor[$nemonico]["valor"]='<PRE>'.urldecode($valor).'</PRE>';
+ $tbParametrosValor[$nemonico]["valor"]='<PRE>'.$valor.'</PRE>';
break;
case 5: // El valor es 0 ó 1 y se muestra NO o SI
$tbSN[0]="No";