Merge pull request #1624 from OCSInventory-NG/security-fixes

Security fixes

plugins/main_sections/ms_export/ms_export_ocs.php

@@ -21,15 +21,16 @@
  * MA 02110-1301, USA.
  */
 require_once('require/function_computers.php');
-$seeit = is_mine_computer($protectedGet['systemid']);
+$systemId = preg_replace('/[^0-9]/', '', $protectedGet['systemid']); 
+$seeit = is_mine_computer($systemId);
 if (!$seeit) {
     require_once (HEADER_HTML);
     msg_error($l->g(837));
     require_once(FOOTER_HTML);
     die();
 }
 $sql = "select * from hardware where id=%s";
-$arg = $protectedGet['systemid'];
+$arg = $systemId;
 $res = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"], $arg);
 $item_hardware = mysqli_fetch_object($res);
 $xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n";
@@ -40,7 +41,7 @@
 foreach ($_SESSION['OCS']['SQL_TABLE_HARDWARE_ID'] as $tablename) {
     if (!in_array($tablename, $table_not_use)) {
         $sql = "select * from %s where hardware_id=%s";
-        $arg = array($tablename, $protectedGet['systemid']);
+        $arg = array($tablename, $systemId);
 
         $res = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"], $arg);
         if($res) {
@@ -79,7 +80,7 @@
 
 //ACCOUNTINFO VALUES
 $sql = "select * from accountinfo where hardware_id=%s";
-$arg = $protectedGet['systemid'];
+$arg = $systemId;
 $res = mysql2_query_secure($sql, $_SESSION['OCS']["readServer"], $arg);
 $item_accountinfo = mysqli_fetch_object($res);
 

plugins/main_sections/ms_repart_tag/ms_repart_tag.php

@@ -62,7 +62,8 @@
 </div>
 <?php
 if (isset($protectedPost['TAG_CHOISE'])) {
-    $tag = $protectedPost['TAG_CHOISE'];
+    // clean filter value like xxx.yyy, xxx or xxx.yy_yy
+    $tag = preg_replace("/[^A-Za-z0-9\._]/", "", $protectedPost['TAG_CHOISE']);
 }
 if (array($accountinfo_value['TAB_OPTIONS'])) {
     $tab_options = $accountinfo_value['TAB_OPTIONS'];

plugins/main_sections/ms_upload_file/ms_upload_file.php

@@ -74,7 +74,7 @@ function verif_file_format(champ) {
 $tab_options['table_name'] = $table_name;
 if (isset($_FILES['file_upload']['name'])) {
     if ($_FILES['file_upload']['size'] != 0) {
-        $fname = $_FILES['file_upload']['name'];
+        $fname = preg_replace("/[^A-Za-z0-9\._]/", "", $_FILES['file_upload']['name']);
         $platform = "windows";
         $filename = $_FILES['file_upload']['tmp_name'];
         $fd = fopen($filename, "r");
@@ -90,7 +90,7 @@ function verif_file_format(champ) {
         if (!$result) {
             msg_error($l->g(2003) . mysqli_errno($_SESSION['OCS']["writeServer"]) . "<br>" . mysqli_error($_SESSION['OCS']["writeServer"]));
         } else {
-            msg_success($l->g(137) . " " . $_FILES['file_upload']['name'] . " " . $l->g(234));
+            msg_success($l->g(137) . " " . $fname . " " . $l->g(234));
             $tab_options['CACHE'] = 'RESET';
         }
     } else {

require/function_table_html.php

@@ -340,7 +340,7 @@ function checkall()
                 "serverSide": true,
                 "dom": dom,
                 "ajax": {
-                    'url': '<?php echo $address; ?>&no_header=true&no_footer=true',
+                    'url': '<?php echo preg_replace("/[^A-Za-z0-9\._\-?=&%]/", "",$address); ?>&no_header=true&no_footer=true',
                     "type": "POST",
                     //Error handling
                     "error": function (xhr, error, thrown) {

require/softwares/AllSoftware.php

@@ -529,6 +529,7 @@ public function verifyCsv($file){
         $names = preg_split("/[\r|\n]+/", $content);
         $hardware = [];
         foreach ($names as $key => $name) {
+            $name = preg_replace("/[^A-Za-z0-9-_\.]/", "", $name);
             if ($name != "") {
                 $sql = "SELECT ID FROM hardware WHERE NAME = '" . addslashes($name) . "'";