changeset 786:b542f6e55f5b

Better validation of input in php-admin (Thomas Goirand)
author Ben Schmidt
date Sun, 21 Nov 2010 00:30:23 +1100
parents 4294e7f1209f
children 284c640f1b3f
files ChangeLog contrib/web/php-admin/htdocs/edit.php contrib/web/php-admin/htdocs/save.php
diffstat 3 files changed, 5 insertions(+), 16 deletions(-) [+]
--- a/ChangeLog	Sun Nov 21 00:28:46 2010 +1100
+++ b/ChangeLog	Sun Nov 21 00:30:23 2010 +1100
@@ -1,3 +1,4 @@
+ o Better validation of input in php-admin (Thomas Goirand)
  o Added Turkish translation (Samed Beyribey)
  o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman
    Kirkegaard)
--- a/contrib/web/php-admin/htdocs/edit.php	Sun Nov 21 00:28:46 2010 +1100
+++ b/contrib/web/php-admin/htdocs/edit.php	Sun Nov 21 00:30:23 2010 +1100
@@ -104,14 +104,8 @@
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
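Review bot: The new containment check only works if `$topdir` is already in canonical form, because `dirname(realpath(...))` yields an absolute, symlink-resolved path with no trailing slash and it is compared against `$topdir` as written; `$topdir` is defined outside this hunk, so if it carries a trailing slash, a relative component or a symlink, every list is rejected (it fails closed, but silently). Canonicalising both sides and using a strict comparison, `if (dirname(realpath($topdir."/".$list)) !== realpath($topdir))`, makes the check independent of how `$topdir` is spelled. Note also that `realpath()` returns `false` for a non-existent path, so a missing list now dies with "list outside topdir" before the `is_dir` check on the next lines gets to report "non-existent list"; a comment such as `// realpath() is false for missing paths, so this also catches non-existent lists` would make that ordering intentional. The same replacement appears in save.php at lines 79-86 and should be changed the same way.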
--- a/contrib/web/php-admin/htdocs/save.php	Sun Nov 21 00:28:46 2010 +1100
+++ b/contrib/web/php-admin/htdocs/save.php	Sun Nov 21 00:30:23 2010 +1100
@@ -79,14 +79,8 @@
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");