Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix RCE vulnerability in inc.setWlanIpMail.php #2439

Closed
wants to merge 1 commit into from

Conversation

s-martin
Copy link
Collaborator

@s-martin s-martin commented Oct 15, 2024

Fix the Remote Code Execution (RCE) vulnerability in htdocs/inc.setWlanIpMail.php by sanitizing and validating user input. See #2396

  • Sanitization and Validation:

    • Add validation for the email address using filter_var with FILTER_VALIDATE_EMAIL.
    • Add sanitization for the email address using htmlspecialchars.
    • Replace the exec function with shell_exec to prevent command injection.
  • Unit Tests:

    • Add tests/htdocs/inc/SetWlanIpMailTest.php to validate the email address using filter_var with FILTER_VALIDATE_EMAIL.
    • Add unit tests to sanitize the email address using htmlspecialchars.
    • Add unit tests to ensure the exec function is replaced with shell_exec.

For more details, open the Copilot Workspace session.

Fix the Remote Code Execution (RCE) vulnerability in `htdocs/inc.setWlanIpMail.php` by sanitizing and validating user input. See #2396

* **Sanitization and Validation:**
  - Add validation for the email address using `filter_var` with `FILTER_VALIDATE_EMAIL`.
  - Add sanitization for the email address using `htmlspecialchars`.
  - Replace the `exec` function with `shell_exec` to prevent command injection.

* **Unit Tests:**
  - Add `tests/htdocs/inc/SetWlanIpMailTest.php` to validate the email address using `filter_var` with `FILTER_VALIDATE_EMAIL`.
  - Add unit tests to sanitize the email address using `htmlspecialchars`.
  - Add unit tests to ensure the `exec` function is replaced with `shell_exec`.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/MiczFlor/RPi-Jukebox-RFID?shareId=XXXX-XXXX-XXXX-XXXX).
@s-martin s-martin added php legacy_v2 Issues, discussions and PRs related to Version 2.x labels Oct 15, 2024
@coveralls
Copy link

Pull Request Test Coverage Report for Build 11354492057

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 78.51%

Totals Coverage Status
Change from base Build 11139253723: 0.0%
Covered Lines: 453
Relevant Lines: 577

💛 - Coveralls

@s-martin
Copy link
Collaborator Author

s-martin commented Nov 7, 2024

Closing Copilot test

@s-martin s-martin closed this Nov 7, 2024
@s-martin s-martin deleted the s-martin/fix-rce-vulnerability branch November 7, 2024 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
legacy_v2 Issues, discussions and PRs related to Version 2.x php
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants