Bugfix: Restrict find_full_subnets.php to CLI

find_full_subnets.php does not verify if the user is authorized to access the data, and if the script was started from a command line. Reported by ovprophet

Bugfix: Restrict find_full_subnets.php to CLI
1960bd24 · Gary Allan · c3d33be5 · 1960bd24 · 1960bd24
Unverified Commit 1960bd24 authored Feb 3, 2023 by Gary Allan
--- a/functions/scripts/find_full_subnets.php
+++ b/functions/scripts/find_full_subnets.php
 <?php

+# script can only be run from cli
+if(php_sapi_name()!="cli") 						{ die("This script can only be run from cli!"); }
+
 # include required scripts
 require_once( dirname(__FILE__) . '/../functions.php' );

@@ -40,4 +43,3 @@ if (isset($out)) {
    // do something with output
    print_r($out);
 }
-?>
\ No newline at end of file
--- a/misc/CHANGELOG
+++ b/misc/CHANGELOG
@@ -7,6 +7,7 @@
    Security Fixes:
    ----------------------------
    + XSS (reflected) in 'bw-calulator-result.php';
+    + Restrict find_full_subnets.php to CLI;

 == 1.5.0