changeset 783:a50b8ab11d28
Validate input in php-admin to avoid altering arbitrary files
(Florian Streibelt, Morten Shearman Kirkegaard)
| author | Ben Schmidt |
|---|---|
| date | Sun, 21 Nov 2010 00:25:20 +1100 |
| parents | edfd37c7ec4c |
| children | 8b75f6939a96 |
| files | ChangeLog contrib/web/php-admin/htdocs/edit.php contrib/web/php-admin/htdocs/save.php |
| diffstat | 3 files changed, 20 insertions(+), 0 deletions(-) |
--- a/ChangeLog Fri Feb 19 03:21:55 2010 +1100 +++ b/ChangeLog Sun Nov 21 00:25:20 2010 +1100 @@ -1,3 +1,5 @@ + o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman + Kirkegaard) o Added contrib/amime-receive (Gerd v. Egidy) o Fixed memory leak in substitute_one() (Ben Schmidt) o Updated German listtexts (Christoph Wilke)
--- a/contrib/web/php-admin/htdocs/edit.php Fri Feb 19 03:21:55 2010 +1100 +++ b/contrib/web/php-admin/htdocs/edit.php Sun Nov 21 00:25:20 2010 +1100 @@ -104,6 +104,15 @@ if(!isset($list)) die("no list specified"); +if (strchr($list, "/") !== false) +die("slash in list name"); + +if ($list == ".") +die("list name is dot"); + +if ($list == "..") +die("list name is dot-dot"); + if(!is_dir($topdir."/".$list)) die("non-existent list");
--- a/contrib/web/php-admin/htdocs/save.php Fri Feb 19 03:21:55 2010 +1100 +++ b/contrib/web/php-admin/htdocs/save.php Sun Nov 21 00:25:20 2010 +1100 @@ -79,6 +79,15 @@ if(!isset($list)) die("no list specified"); +if (strchr($list, "/") !== false) +die("slash in list name"); + +if ($list == ".") +die("list name is dot"); + +if ($list == "..") +die("list name is dot-dot"); + if(!is_dir($topdir."/".$list)) die("non-existent list");
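Review bot: the ChangeLog entry says only "Fixed security bug in mlmmj-php-admin", while the commit title already states what was wrong; carry that into the entry, e.g. "Fixed security bug in mlmmj-php-admin: validate list name so edit.php/save.php cannot touch files outside a list directory", so someone reading ChangeLog can tell whether their deployment is affected.

Review bot: in the edit.php hunk the three new tests reject a "/" anywhere in the name and the exact values "." and "..", but an empty list name still passes: `isset($list)` is true for an empty string, none of the added comparisons match it, and `is_dir($topdir."/")` then succeeds because it names the top directory itself, so the code that follows sees `$topdir` as a valid list. Add an explicit `$list === ""` rejection, or better, replace the blacklist with a whitelist such as `preg_match('/^[A-Za-z0-9_.-]+$/', $list)` kept alongside the dot and dot-dot checks, so only strings that can actually be a list directory name get through.

Review bot: the save.php hunk is the edit.php block copied verbatim, and two copies of a security check tend to drift the next time one of them is tightened; put the validation in one function in a shared include (a name such as `check_list_name($list)` is only a suggestion) and call it from both scripts, so a later fix covers the display path and the write path together. The same gap noted for edit.php applies here: an empty `$list` passes all three tests and `is_dir($topdir."/")` is true.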