Mercurial > hg > mlmmj
changeset 722:773c6ef6fb10
Validate input in php-admin to avoid altering arbitrary files
(Florian Streibelt, Morten Shearman Kirkegaard)
author | Ben Schmidt |
---|---|
date | Wed, 07 Jul 2010 01:05:36 +1000 |
parents | 6713d89baae8 |
children | e4e3d5e261e2 |
files | ChangeLog contrib/web/php-admin/htdocs/edit.php contrib/web/php-admin/htdocs/save.php |
diffstat | 3 files changed, 20 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Fri Jul 30 09:50:34 2010 +1000 +++ b/ChangeLog Wed Jul 07 01:05:36 2010 +1000 @@ -1,3 +1,5 @@ + o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman + Kirkegaard) o Added "send" keyword to control/access handling (Ben Schmidt) o Added contrib/amime-receive (Gerd v. Egidy) o Fixed memory leak in substitute_one() (Ben Schmidt)
--- a/contrib/web/php-admin/htdocs/edit.php Fri Jul 30 09:50:34 2010 +1000 +++ b/contrib/web/php-admin/htdocs/edit.php Wed Jul 07 01:05:36 2010 +1000 @@ -104,6 +104,15 @@ if(!isset($list)) die("no list specified"); +if (strchr($list, "/") !== false) +die("slash in list name"); + +if ($list == ".") +die("list name is dot"); + +if ($list == "..") +die("list name is dot-dot"); + if(!is_dir($topdir."/".$list)) die("non-existent list");
--- a/contrib/web/php-admin/htdocs/save.php Fri Jul 30 09:50:34 2010 +1000 +++ b/contrib/web/php-admin/htdocs/save.php Wed Jul 07 01:05:36 2010 +1000 @@ -79,6 +79,15 @@ if(!isset($list)) die("no list specified"); +if (strchr($list, "/") !== false) +die("slash in list name"); + +if ($list == ".") +die("list name is dot"); + +if ($list == "..") +die("list name is dot-dot"); + if(!is_dir($topdir."/".$list)) die("non-existent list");