Fix query monitor driver eval with strict whitelist (#7)

Ilia Ross
2026-03-10 17:29:17 +02:00
parent 01d650ca06
commit fe5cf97cef


@@ -1,8 +1,16 @@
# query-monitor.pl
# Try an SQL query on a MySQL or PostgreSQL server
my %allowed_query_drivers = map { $_, 1 } ("mysql", "Pg", "Oracle");
sub get_query_status
{
if (!$allowed_query_drivers{$_[0]->{'driver'}}) {
return { 'up' => -1,
'desc' => &text('query_edriver',
"<tt>DBD::$_[0]->{'driver'}</tt>") };
}
# Load the driver
local $drh;
eval <<EOF;
@@ -75,7 +83,12 @@ print &ui_table_row($text{'query_result'},
sub parse_query_dialog
{
eval "use DBD::$in{'driver'}";
$allowed_query_drivers{$in{'driver'}} ||
&error(&text('query_edriver', "<tt>DBD::$in{'driver'}</tt>"));
eval {
require DBI;
DBI->install_driver($in{'driver'});
};
&error(&text('query_edriver', "<tt>DBD::$in{'driver'}</tt>")) if ($@);
$_[0]->{'driver'} = $in{'driver'};
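Review bot: The new rejection branch in parse_query_dialog puts `$in{'driver'}` into the HTML error text unescaped, and a value that fails the allow-list is by definition untrusted form input. Unless `error` or `text` escape their arguments (not visible in this hunk), the message should be built from the escaped value, e.g. `&error(&text('query_edriver', "<tt>DBD::".&html_escape($in{'driver'})."</tt>"));`. The same applies to the later `if ($@)` call and to the `'desc'` string returned by get_query_status in the first hunk. Separately, get_query_status still ends in `eval <<EOF;`, whose body is outside the hunk; if it interpolates the driver name, the block form used here (`require DBI; DBI->install_driver(...)`) would avoid relying on the allow-list alone.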