
changeset a50b8ab11d28

Validate input in php-admin to avoid altering arbitrary files (Florian Streibelt, Morten Shearman Kirkegaard)
author Ben Schmidt
date Sun, 21 Nov 2010 00:25:20 +1100
parents edfd37c7ec4c
children 8b75f6939a96
files ChangeLog contrib/web/php-admin/htdocs/edit.php contrib/web/php-admin/htdocs/save.php
diffstat 3 files changed, 20 insertions(+), 0 deletions(-) [+]
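--- a/ChangeLog	Fri Feb 19 03:21:55 2010 +1100
+++ b/ChangeLog	Sun Nov 21 00:25:20 2010 +1100
@@ -1,3 +1,5 @@
+ o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman
+   Kirkegaard)
  o Added contrib/amime-receive (Gerd v. Egidy)
  o Fixed memory leak in substitute_one() (Ben Schmidt)
  o Updated German listtexts (Christoph Wilke)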
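--- a/contrib/web/php-admin/htdocs/edit.php	Fri Feb 19 03:21:55 2010 +1100
+++ b/contrib/web/php-admin/htdocs/edit.php	Sun Nov 21 00:25:20 2010 +1100
@@ -104,6 +104,15 @@
 if(!isset($list))
 die("no list specified");
 
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
 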
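Review bot: An empty list name still passes the new checks in edit.php: `isset($list)` is true for `""`, neither equality test matches it, and `is_dir($topdir."/".$list)` then becomes `is_dir($topdir."/")`, which is true — so the rest of the script, which is outside this hunk, would operate on $topdir itself rather than on a list directory. Add `if ($list === "") die("empty list name");` beside the dot checks, and use `===` in the two equality tests so the comparison is never loose. A non-string value such as `?list[]=x` appears to be stopped only by accident (strchr() on an array warns and returns NULL on PHP of that era, which the `!== false` test rejects; newer PHP throws), so an explicit `is_string($list)` guard would state that intent. Whether the other request parameters this script turns into paths receive the same treatment is not visible in this hunk.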
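--- a/contrib/web/php-admin/htdocs/save.php	Fri Feb 19 03:21:55 2010 +1100
+++ b/contrib/web/php-admin/htdocs/save.php	Sun Nov 21 00:25:20 2010 +1100
@@ -79,6 +79,15 @@
 if(!isset($list))
 die("no list specified");
 
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
 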
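Review bot: The validation block added to save.php is a verbatim copy of the one added to edit.php, and save.php is the script that writes, so a gap here is the one that matters — and there is one: the empty name `""` passes (`isset` is true, neither dot test matches, and `is_dir($topdir."/")` is true), leaving the writes further down, outside this hunk, aimed at $topdir itself rather than a list directory. Rather than maintaining the two copies in step, I would move the checks into one helper in the include both scripts share (that file is not in this changeset, so I am assuming one exists) and have each script call `if (!valid_list_name($list)) die("invalid list name");` before the `is_dir` test. The helper below additionally rejects non-string input and NUL bytes, which PHP filesystem functions of that era silently truncated at, and uses strict comparisons throughout.
```php
// Accept only a plain directory-entry name for a list under $topdir:
// rejects non-strings, the empty name, "." and ".." (which is_dir() would
// accept), and any name containing a path separator or a NUL byte.
function valid_list_name($list)
{
    if (!is_string($list) || $list === '')
        return false;
    if ($list === '.' || $list === '..')
        return false;
    if (strpos($list, '/') !== false || strpos($list, "\0") !== false)
        return false;
    return true;
}
```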