opensourcepos

mirror/opensourcepos

Fork 0

mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-04-17 05:19:43 -04:00

Commit Graph

Author	SHA1	Message	Date
Ollama	8da4aff262	fix(security): prevent command injection in sendmail path configuration Add validation for the mailpath POST parameter to prevent command injection attacks. The path is validated to only allow alphanumeric characters, underscores, dashes, forward slashes, and dots. - Required mailpath when protocol is "sendmail" - Validates format for all non-empty mailpath values - Blocks common injection vectors: ; \| & ` $() spaces newlines - Added mailpath_invalid translation to all 43 language files - Simplified validation logic to avoid redundant conditions Files changed: - app/Controllers/Config.php: Add regex validation with protocol check - app/Language/*/Config.php: Add mailpath_invalid error message (43 languages) - tests/Controllers/ConfigTest.php: Unit tests for validation	2026-04-06 18:37:07 +00:00

Author

SHA1

Message

Date

Ollama

8da4aff262

fix(security): prevent command injection in sendmail path configuration

Add validation for the mailpath POST parameter to prevent command injection
attacks. The path is validated to only allow alphanumeric characters,
underscores, dashes, forward slashes, and dots.

- Required mailpath when protocol is "sendmail"
- Validates format for all non-empty mailpath values
- Blocks common injection vectors: ; | & ` $() spaces newlines
- Added mailpath_invalid translation to all 43 language files
- Simplified validation logic to avoid redundant conditions

Files changed:
- app/Controllers/Config.php: Add regex validation with protocol check
- app/Language/*/Config.php: Add mailpath_invalid error message (43 languages)
- tests/Controllers/ConfigTest.php: Unit tests for validation

2026-04-06 18:37:07 +00:00

1 Commits