Be more careful with host parameter and make sure it's escaped when call shell functions

1 files changed, 6 insertions, 7 deletions

diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php
index fcdd330..bec923a 100644
--- a/usr/local/www/diag_dns.php
+++ b/usr/local/www/diag_dns.php
@@ -38,16 +38,17 @@ require("guiconfig.inc");
 if ($_GET['host'])
 	$_POST = $_GET;
 
-if($_GET['createalias'] == "true") {
-	$host = trim($_POST['host']);
+$host = trim($_POST['host'], " \t\n\r\0\x0B[];\"'");
+$host_esc = escapeshellarg($host);
+
+if($_GET['createalias'] == "true" && (is_hostname($host) || is_ipaddr($host))) {
 	if($_GET['override'])
 		$override = true;
 	$a_aliases = &$config['aliases']['alias'];
 	$type = "hostname";
 	$resolved = gethostbyname($host);
 	if($resolved) {
-		$host = trim($_POST['host']);
-		$drill=`/usr/bin/drill "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`;
+		$drill=`/usr/bin/drill "{$host_esc}" A | grep "{$host_esc}" | grep -v ";" | awk '{ print $5 }'`;
 		$resolved = explode("\n", $drill);
 		$isfirst = true;
 		foreach($resolved as $re) {
@@ -93,8 +94,6 @@ if ($_POST) {
 	$reqdfieldsn = explode(",", "Host");
 
 	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-	$host = trim($_POST['host'], " \t\n\r\0\x0B[]");
-	$host_esc = escapeshellarg($host);
 	
 	if (!is_hostname($host) && !is_ipaddr($host)) {
 		$input_errors[] = gettext("Host must be a valid hostname or IP address.");
@@ -130,7 +129,7 @@ if ($_POST) {
 			$type = "hostname";
 			$resolved = gethostbyname($host);
 			if($resolved) {
-				$drill=`/usr/bin/drill $host_esc A | grep $host_esc | grep -v ";" | awk '{ print $5 }'`;
+				$drill=`/usr/bin/drill {$host_esc} A | grep {$host_esc} | grep -v ";" | awk '{ print $5 }'`;
 				$resolved = explode("\n", $drill);
 			}
 			$hostname = $host;