# HG changeset patch
# User Ben Schmidt
# Date 1279453590 -36000
# Node ID d92234debf5cae24bf9d280b55edd8461576ec88
# Parent 323ac213639d5d9dd786ee12aee7e4530ce695e4
Better validation of input in php-admin (Thomas Goirand)
diff -r 323ac213639d -r d92234debf5c ChangeLog
--- a/ChangeLog Sun Jul 11 00:12:09 2010 +1000
+++ b/ChangeLog Sun Jul 18 21:46:30 2010 +1000
@@ -1,3 +1,4 @@
+ o Better validation of input in php-admin (Thomas Goirand)
  o Added Turkish translation (Samed Beyribey)
  o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman Kirkegaard)
diff -r 323ac213639d -r d92234debf5c contrib/web/php-admin/htdocs/edit.php
--- a/contrib/web/php-admin/htdocs/edit.php Sun Jul 11 00:12:09 2010 +1000
+++ b/contrib/web/php-admin/htdocs/edit.php Sun Jul 18 21:46:30 2010 +1000
@@ -104,14 +104,8 @@
 if(!isset($list))
 die("no list specified");
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
diff -r 323ac213639d -r d92234debf5c contrib/web/php-admin/htdocs/save.php
--- a/contrib/web/php-admin/htdocs/save.php Sun Jul 11 00:12:09 2010 +1000
+++ b/contrib/web/php-admin/htdocs/save.php Sun Jul 18 21:46:30 2010 +1000
@@ -79,14 +79,8 @@
 if(!isset($list))
 die("no list specified");
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
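Review bot: The new check in edit.php validates only the resolved path and then lets the raw `$list` flow on: a value such as `x/../mylist` passes `dirname(realpath($topdir."/".$list)) != $topdir` because realpath collapses it, yet the unnormalised `$list` is what the following `is_dir($topdir."/".$list)` and the rest of the script keep using, so the former rejection of slashes and dot segments is effectively gone. The comparison also assumes `$topdir` is already canonical (no trailing slash, no relative or symlinked component) and lets a `false` from `realpath()` on a missing directory reach `dirname()` before the `non-existent list` check; both fail closed, but the first would turn every request into `list outside topdir`. Comparing against `realpath($topdir)` with `!==`, rejecting a `false` result explicitly, and reassigning `$list = basename($real)` so later path building uses the canonical name would close these; note that realpath follows symlinks, so a list directory that is itself a symlink to outside `$topdir` is now rejected, which may or may not be intended. The save.php hunk is identical and should get the same treatment; in both files this is top-level script code whose remainder lies outside the hunk.
```php
if(!isset($list))
die("no list specified");
$real = realpath($topdir."/".$list);
if ($real === false || dirname($real) !== realpath($topdir))
die("list outside topdir");
$list = basename($real);
// … unchanged: is_dir check …
```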