ncp-web: sanitize the ref parameter

nextcloud · Jun 4, 2018 · 05c14ce · 05c14ce
1 parent 3c462f6
commit 05c14ce
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php
@@ -92,8 +92,12 @@
 
 else if ( $_POST['action'] == "launch" && $_POST['config'] )
 {
+  // sanity checks
   if ( !$_POST['ref'] ) exit( '{ "output": "Invalid request" }' );
 
+  preg_match( '/^[a-z-]+$/' , $_POST['ref'] , $matches )
+    or exit( '{ "output": "Invalid input" , "token": "' . getCSRFToken() . '" }' );
+
   // CSRF check
   $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
   if ( empty($token) || !validateCSRFToken($token) )