cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6f60d927a5dd2e2b4a3446185b949c830f67aaa
Linux-Server-Management-Too…/modules
T
History
cschantz c6f60d927a Add input validation for custom directory and database name selections 
Custom MySQL Data Directory Validation (Line 1313-1335):
- Validates custom path to prevent directory traversal attacks
- Rejects paths containing '../' sequences
- Resolves to absolute path using cd/pwd to prevent symlink attacks
- Prevents confusion and security issues with relative paths
- Example blocked: '../../../etc'

Ticket Number Validation (Line 1641-1650):
- Validates ticket numbers contain only safe alphanumeric characters
- Prevents filename/command injection via ticket number
- Allows only: [a-zA-Z0-9_-]
- Invalid characters result in skipping the ticket number
- Prevents log file corruption or path issues

Database Name Validation (Line 1622-1632):
- Manually entered database names checked for path traversal
- Rejects names containing '/' or '..'
- Prevents directory traversal when constructing database paths
- Array-selected databases already safe (from discovered databases)
- Example blocked: '../../evil_dir'

Impact: Hardens all major user input points against traversal attacks,
filename injection, and command injection. Script is now security-hardened.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-11 00:59:10 -05:00
..
backup
Add input validation for custom directory and database name selections
2026-02-11 00:59:10 -05:00
diagnostics
Fix AWK-UNINIT issues by initializing variables in BEGIN blocks
2026-02-07 02:49:57 -05:00
email
Fix TYPE-MISMATCH issues in email diagnostic scripts
2026-02-10 22:27:48 -05:00
maintenance
Fix HIGH priority issues: paths, globs, deps, wordsplit
2026-01-02 17:21:19 -05:00
performance
Fix remaining TYPE-MISMATCH issues and disable CHECK 97 false positives
2026-02-07 03:14:24 -05:00
security
Fix remaining TYPE-MISMATCH issues and disable CHECK 97 false positives
2026-02-07 03:14:24 -05:00
website
Distinguish between Cloudflare Proxied (orange cloud) and DNS-Only (gray cloud)
2026-01-28 15:57:47 -05:00