Added escapes for the outputted data, to prevent an XSS injection.
AlexeyPlodenko committed Apr 1, 2024
1 parent 0da3c16 commit 24dc159
Showing 6 changed files with 143 additions and 143 deletions.
50 changes: 25 additions & 25 deletions src/public/commands/index.php
Expand Up @@ -40,19 +40,19 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server get command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->get($server['hostname'], $server['port'], $_REQUEST['request_key']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->get($server['hostname'], $server['port'], $_REQUEST['request_key'])));
}
} # Ask for get on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server get command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->get($server['hostname'], $server['port'], $_REQUEST['request_key']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->get($server['hostname'], $server['port'], $_REQUEST['request_key'])));
} # Ask for get on all servers
else {
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server get command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->get($server['hostname'], $server['port'], $_REQUEST['request_key']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->get($server['hostname'], $server['port'], $_REQUEST['request_key'])));
}
}
}
Expand All @@ -64,19 +64,19 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server get command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->set($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_data'], $_REQUEST['request_duration']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->set($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_data'], $_REQUEST['request_duration'])));
}
} # Ask for set on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server set command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->set($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_data'], $_REQUEST['request_duration']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->set($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_data'], $_REQUEST['request_duration'])));
} # Ask for set on all servers
else {
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server set command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->set($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_data'], $_REQUEST['request_duration']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->set($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_data'], $_REQUEST['request_duration'])));
}
}
}
Expand All @@ -88,19 +88,19 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server get command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->delete($server['hostname'], $server['port'], $_REQUEST['request_key']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->delete($server['hostname'], $server['port'], $_REQUEST['request_key'])));
}
} # Ask for delete on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server delete command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->delete($server['hostname'], $server['port'], $_REQUEST['request_key']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->delete($server['hostname'], $server['port'], $_REQUEST['request_key'])));
} # Ask for delete on all servers
else {
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server delete command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->delete($server['hostname'], $server['port'], $_REQUEST['request_key']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->delete($server['hostname'], $server['port'], $_REQUEST['request_key'])));
}
}
}
Expand All @@ -117,19 +117,19 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server increment command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->increment($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->increment($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value'])));
}
} # Ask for increment on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server increment command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->increment($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->increment($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value'])));
} # Ask for increment on all servers
else {
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server increment command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->increment($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->increment($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value'])));
}
}
}
Expand All @@ -146,19 +146,19 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server decrement command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->decrement($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->decrement($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value'])));
}
} # Ask for decrement on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server decrement command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->decrement($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->decrement($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value'])));
} # Ask for decrement on all servers
else {
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server decrement command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->decrement($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->decrement($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_value'])));
}
}
}
Expand All @@ -175,19 +175,19 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server get command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->flush_all($server['hostname'], $server['port'], $_REQUEST['request_delay']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->flush_all($server['hostname'], $server['port'], $_REQUEST['request_delay'])));
}
} # Ask for flush_all on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server flush_all command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->flush_all($server['hostname'], $server['port'], $_REQUEST['request_delay']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->flush_all($server['hostname'], $server['port'], $_REQUEST['request_delay'])));
} # Ask for flush_all on all servers
else {
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server flush_all command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->flush_all($server['hostname'], $server['port'], $_REQUEST['request_delay']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api($_REQUEST['request_api'])->flush_all($server['hostname'], $server['port'], $_REQUEST['request_delay'])));
}
}
}
Expand All @@ -199,20 +199,20 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server get command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->search($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_level'], $_REQUEST['request_more']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->search($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_level'], $_REQUEST['request_more'])));
}
} # Ask for search on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server search command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->search($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_level'], $_REQUEST['request_more']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->search($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_level'], $_REQUEST['request_more'])));
} # Ask for search on all servers
else {
# Looking into each cluster
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server search command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->search($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_level'], $_REQUEST['request_more']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->search($server['hostname'], $server['port'], $_REQUEST['request_key'], $_REQUEST['request_level'], $_REQUEST['request_more'])));
}
}
}
Expand All @@ -224,20 +224,20 @@
if (isset($_REQUEST['request_server']) && ($cluster = $_ini->cluster($_REQUEST['request_server']))) {
foreach ($cluster as $server) {
# Dumping server telnet command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->telnet($server['hostname'], $server['port'], $_REQUEST['request_telnet']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->telnet($server['hostname'], $server['port'], $_REQUEST['request_telnet'])));
}
} # Ask for a telnet command on one server
elseif (isset($_REQUEST['request_server']) && ($server = $_ini->server($_REQUEST['request_server']))) {
# Dumping server telnet command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->telnet($server['hostname'], $server['port'], $_REQUEST['request_telnet']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->telnet($server['hostname'], $server['port'], $_REQUEST['request_telnet'])));
} # Ask for a telnet command on all servers
else {
# Looking into each cluster
foreach ($_ini->get('servers') as $cluster => $servers) {
# Asking for each server stats
foreach ($servers as $server) {
# Dumping server telnet command response
echo Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->telnet($server['hostname'], $server['port'], $_REQUEST['request_telnet']));
echo htmlspecialchars(Components::serverResponse($server['hostname'], $server['port'], Factory::api('Server')->telnet($server['hostname'], $server['port'], $_REQUEST['request_telnet'])));
}
}
}
Expand All @@ -255,4 +255,4 @@
break;
}

ob_end_flush();
ob_end_flush();
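Review bot: The new `htmlspecialchars(...)` wrappers in every hunk of this file (get, set, delete, increment, decrement, flush_all, search and telnet) encode the entire return value of `Components::serverResponse`, so if that helper builds the HTML markup its name suggests — it is outside this diff, so this is inferred — the page now shows its tags as literal text, and the untrusted parts are escaped only as a side effect of wrapping the whole component. The escape belongs inside `serverResponse`, at the point where `$server['hostname']`, `$server['port']` and the command response are interpolated into markup, with the wrappers here reverted once that is done. Wherever the call remains, pass explicit flags, `htmlspecialchars($out, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because on PHP before 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped and breaks single-quoted attributes. Each hunk starts mid-block (the `break;` at -255 suggests an enclosing `switch` case that opens before the first hunk), and the final hunk's two `ob_end_flush();` lines differ only in whitespace as far as this page shows.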
2 changes: 1 addition & 1 deletion src/view/livestats/frame.php
Expand Up @@ -3,7 +3,7 @@
?>
<script type="text/javascript">
var timeout = <?php echo $refresh_rate * 1000; ?>;
var page = '/stats?request_command=live_stats&cluster=<?php echo $cluster; ?>';
var page = '/stats?request_command=live_stats&cluster=<?php echo urlencode($cluster); ?>';
setTimeout("ajax(page,'stats')", <?php echo (5 + $refresh_rate - $_ini->get('refresh_rate')) * 1000; ?>);
</script>

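Review bot: `urlencode($cluster)` on the `var page = '...'` line is doing double duty as a JavaScript string escape and a URL-query escape — it works because percent-encoding also covers `'`, `"`, `\`, `<` and `/`, but nothing on the line records that, so a later refactor to `rawurlencode` or a different context could silently lose the protection. Either record the intent with a comment such as `<?php /* urlencode() also neutralises JS string delimiters here */ ?>`, or make the script context explicit: `var page = <?php echo json_encode('/stats?request_command=live_stats&cluster=' . urlencode($cluster)); ?>;`. The neighbouring `$refresh_rate` expressions are still emitted into the script unencoded; the arithmetic makes them numeric so they are not injectable, provided `$refresh_rate` is numeric where it is set, which is outside this hunk. The PHP block closed by the `?>` at the top of the hunk opens before it.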
8 changes: 4 additions & 4 deletions src/view/stats/error.php
Expand Up @@ -9,7 +9,7 @@
# Asking server of cluster stats
if(isset($_REQUEST['server']))
{
echo ($_ini->cluster($_REQUEST['server'])) ? 'All servers from Cluster ' . $_REQUEST['server'] : 'Server ' . $_REQUEST['server'], ' did not respond !';
echo htmlspecialchars(($_ini->cluster($_REQUEST['server'])) ? 'All servers from Cluster ' . $_REQUEST['server'] : 'Server ' . $_REQUEST['server'], ' did not respond !');
}
# All servers stats
else
Expand All @@ -20,7 +20,7 @@
<div class="container corner full-size padding">
<span class="left">Error message</span>
<br/>
<?php echo Errors::last(); ?>
<?php echo htmlspecialchars(Errors::last()); ?>
<br/>
<br/>
Please check above error message or your server status and retry
Expand Down Expand Up @@ -54,7 +54,7 @@
This slab is allocated, but is empty
<br/>
<br/>
Go back to <a href="?server=<?php echo $_REQUEST['server']; ?>&amp;show=slabs" class="green">Server Slabs</a>
Go back to <a href="?server=<?php echo urlencode($_REQUEST['server']); ?>&amp;show=slabs" class="green">Server Slabs</a>
</div>
<?php
}
}
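Review bot: The first hunk's `echo htmlspecialchars((...) ? ... : ..., ' did not respond !');` passes the string ` did not respond !` as the `$flags` argument of `htmlspecialchars()` — the original `echo a, b` comma list was folded into the call — so on PHP 8 this path throws a `TypeError` (int expected, string given) and on PHP 7 it emits a warning and prints nothing. Move the comma back outside the call: `echo htmlspecialchars(($_ini->cluster($_REQUEST['server'])) ? 'All servers from Cluster ' . $_REQUEST['server'] : 'Server ' . $_REQUEST['server']), ' did not respond !';`. In the second hunk `htmlspecialchars(Errors::last())` raises a deprecation on PHP 8.1+ if `Errors::last()` can return null (it is defined outside this diff); `Errors::last() ?? ''` covers that. `urlencode($_REQUEST['server'])` in the `href` hunk is the right escape for a query parameter, and the hunk collapsed between `@@ -20` and `@@ -54` is not shown on this page, so it was not reviewed.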
