diff options
author | nachoparker <nacho@ownyourbits.com> | 2018-06-11 12:35:18 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2018-06-11 12:35:27 +0300 |
commit | 75cfd80e6a2e640557e475a4e165085aa06e969d (patch) | |
tree | f500ecac86e3126d928ad66e02528ed8d3232c66 | |
parent | 01b6349d163a84a78f912ea9a54e4394d8194d45 (diff) |
ncp-web: fix sanitization for fail2banv0.56.20
-rw-r--r-- | changelog.md | 4 | ||||
-rw-r--r-- | ncp-web/ncp-launcher.php | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/changelog.md b/changelog.md index 599209e2..d597a9e9 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ -[v0.56.19](https://github.com/nextcloud/nextcloudpi/commit/f08c238) (2018-06-06) add ncc command, shortcut of occ +[v0.56.20](https://github.com/nextcloud/nextcloudpi/commit/6240d00) (2018-06-11) ncp-web: fix sanitization for fail2ban + +[v0.56.19](https://github.com/nextcloud/nextcloudpi/commit/09daa19) (2018-06-06) add ncc command, shortcut of occ [v0.56.18](https://github.com/nextcloud/nextcloudpi/commit/8914348) (2018-06-06) NFS: fix dependency with automount diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php index 0b28f4c8..35fe2f7b 100644 --- a/ncp-web/ncp-launcher.php +++ b/ncp-web/ncp-launcher.php @@ -95,7 +95,7 @@ else if ( $_POST['action'] == "launch" && $_POST['config'] ) // sanity checks if ( !$_POST['ref'] ) exit( '{ "output": "Invalid request" }' ); - preg_match( '/^[a-z-]+$/' , $_POST['ref'] , $matches ) + preg_match( '/^[0-9A-Za-z-]+$/' , $_POST['ref'] , $matches ) or exit( '{ "output": "Invalid input" , "token": "' . getCSRFToken() . '" }' ); // CSRF check |