
changeset b542f6e55f5b

Better validation of input in php-admin (Thomas Goirand)
author Ben Schmidt
date Sun, 21 Nov 2010 00:30:23 +1100
parents 4294e7f1209f
children 284c640f1b3f
files ChangeLog contrib/web/php-admin/htdocs/edit.php contrib/web/php-admin/htdocs/save.php
diffstat 3 files changed, 5 insertions(+), 16 deletions(-) [+]
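--- a/ChangeLog	Sun Nov 21 00:28:46 2010 +1100
+++ b/ChangeLog	Sun Nov 21 00:30:23 2010 +1100
@@ -1,3 +1,4 @@
+ o Better validation of input in php-admin (Thomas Goirand)
  o Added Turkish translation (Samed Beyribey)
  o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman
    Kirkegaard)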
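--- a/contrib/web/php-admin/htdocs/edit.php	Sun Nov 21 00:28:46 2010 +1100
+++ b/contrib/web/php-admin/htdocs/edit.php	Sun Nov 21 00:30:23 2010 +1100
@@ -104,14 +104,8 @@
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");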
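Review bot: The new `dirname(realpath($topdir."/".$list)) != $topdir` check compares a canonicalized path against a raw `$topdir` with loose `!=`, so if `$topdir` carries a trailing slash or sits behind a symlink the two sides never match and every list is rejected, while a non-existent list makes `realpath()` return `false` and the test silently proceeds through `dirname('')` instead of failing explicitly. The identical lines appear in the save.php hunk. I would canonicalize both sides and name the failure case: `$listdir = realpath($topdir."/".$list);` / `if ($listdir === false || dirname($listdir) !== realpath($topdir))` / `die("list outside topdir");`. The code after the check still builds paths from the raw `$list` (`is_dir($topdir."/".$list)`) rather than the validated `$listdir`, and because the assignment of `$list` and `$topdir` is outside the hunk I cannot confirm what other uses of `$list` the removed slash/dot checks were protecting, so it is worth verifying that no later code passes `$list` anywhere a `/` or `..` now matters.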
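--- a/contrib/web/php-admin/htdocs/save.php	Sun Nov 21 00:28:46 2010 +1100
+++ b/contrib/web/php-admin/htdocs/save.php	Sun Nov 21 00:30:23 2010 +1100
@@ -79,14 +79,8 @@
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");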