[GH-ISSUE #31] Functions for example ping, traceroute, etc accept two arguments but you can't pass them #19

Closed
opened 2026-02-28 00:40:11 +03:00 by kerem · 3 comments

Originally created by @valduze on GitHub (May 4, 2015).
Original GitHub issue: https://github.com/telephone/LookingGlass/issues/31

Hello,
Functions like ping for example accept two arguments, how would you pass those to the web-interface? There is no extra text field to put those.

public function ping($host, $count = 4)

Please assist,
Regards,
Jongi

kerem closed this issue and added the v1 label (2026-02-28 00:40:11 +03:00).

@s4m4n commented on GitHub (May 19, 2015):

I didn't really understand what you are going to do. Would you clarify?


@afolson commented on GitHub (Jun 6, 2015):

There are several arguments that `ping` accepts, and it'd be nice if there were a way to select a few of these or pass them through via the web interface instead of hard coding them in the source: https://github.com/telephone/LookingGlass/blob/master/LookingGlass/LookingGlass.php#L84-L87

The way it's set up now, the function accepts two arguments but the function falls back to the default count of `4` because there's no way to actually enter a count via the web interface.


@telephone commented on GitHub (Jun 7, 2015):

> The way it's set up now, the function accepts two arguments but the function falls back to the default count of 4 because there's no way to actually enter a count via the web interface.

**The values are hard-coded for security**. Allowing user-based values opens you up to abuse and shell escalation. If the values are not properly validated and escaped then a user can easily use your LG to hack into your server.

Version 1 was set up with simplicity as the main goal, so everything was kept very basic. To allow user input, more validation and a lot of tests would be required. Even then, I wouldn't allow more than integers for user-based input.

Let's use your example of 'count' being set via the user interface. If you were to allow user input for 'count' in v1, you'd be susceptible to heavy abuse as there's no validation in v1. For example, a user could open multiple threads (under the rate-limit) and enter the count as '5,000,000'.

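The constraint described in the last comment (integers only, validated and bounded before anything reaches the shell) could look like the following in PHP. This is an added example, not LookingGlass code: the function names, the cap of 10 and the sample inputs are assumptions.

```php
<?php
// Added example, not LookingGlass code. Names, the cap and the sample
// inputs below are assumptions made for illustration.
const PING_COUNT_DEFAULT = 4;  // default from the signature quoted in the issue
const PING_COUNT_MAX = 10;     // assumed upper bound

// Returns a bounded int, or null when the input is not a plain integer
// in range. Callers use the returned int, never the raw string.
function validateCount(?string $raw): ?int
{
    if ($raw === null || $raw === '') {
        return PING_COUNT_DEFAULT;
    }
    $count = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => PING_COUNT_MAX],
    ]);
    return $count === false ? null : $count;
}

// Returns the command line, or null if either value fails validation.
function buildPingCommand(string $host, ?string $rawCount): ?string
{
    $count = validateCount($rawCount);
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $isName = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if ($count === null || (!$isIp && !$isName)) {
        return null;
    }
    // %d takes the validated int; the host is quoted for the shell as well.
    return sprintf('ping -c %d %s', $count, escapeshellarg($host));
}

// Constructed inputs: one valid request, the oversized count from the
// thread, a count and a host carrying shell metacharacters, and no count.
$samples = [
    ['example.com', '3'],
    ['example.com', '5,000,000'],
    ['example.com', '4; id'],
    ['example.com; id', '4'],
    ['192.0.2.10', null],
];
foreach ($samples as [$host, $count]) {
    $cmd = buildPingCommand($host, $count);
    echo $cmd ?? 'rejected', PHP_EOL;
}
```

The cap bounds the work done per request; it does not replace the rate limit the comment mentions, which still has to cover concurrent requests.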