changeset 725:d92234debf5c

Better validation of input in php-admin (Thomas Goirand)
author Ben Schmidt
date Sun, 18 Jul 2010 21:46:30 +1000
parents 323ac213639d
children 7d4efc26d03a
files ChangeLog contrib/web/php-admin/htdocs/edit.php contrib/web/php-admin/htdocs/save.php
diffstat 3 files changed, 5 insertions(+), 16 deletions(-) [+]
--- a/ChangeLog	Sun Jul 11 00:12:09 2010 +1000
+++ b/ChangeLog	Sun Jul 18 21:46:30 2010 +1000
@@ -1,3 +1,4 @@
+ o Better validation of input in php-admin (Thomas Goirand)
  o Added Turkish translation (Samed Beyribey)
  o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman
    Kirkegaard)
--- a/contrib/web/php-admin/htdocs/edit.php	Sun Jul 11 00:12:09 2010 +1000
+++ b/contrib/web/php-admin/htdocs/edit.php	Sun Jul 18 21:46:30 2010 +1000
@@ -104,14 +104,8 @@
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
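Review bot: The new check compares the canonicalised path of the list against the raw `$topdir`, so it fails closed whenever `$topdir` is itself a symlink, contains a `..` segment, or ends in a trailing slash: `realpath()` resolves those on the left side only, the strings never match, and every legitimate list is rejected as "list outside topdir". Canonicalise both sides and use strict comparison: `if (dirname(realpath($topdir."/".$list)) !== realpath($topdir))`. Note also that `realpath()` returns `false` for a path that does not exist; `dirname(false)` yields `''`, so a non-existent list now dies here with the misleading "list outside topdir" message rather than reaching the `is_dir` check below — acceptable from a security standpoint, but worth a comment such as `// realpath() is false for missing paths; the mismatch then rejects them before is_dir()`. The identical pattern is introduced in the save.php hunk below and needs the same fix; how `$list` is populated is outside both hunks, so I cannot tell whether it is already trimmed or otherwise normalised.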
--- a/contrib/web/php-admin/htdocs/save.php	Sun Jul 11 00:12:09 2010 +1000
+++ b/contrib/web/php-admin/htdocs/save.php	Sun Jul 18 21:46:30 2010 +1000
@@ -79,14 +79,8 @@
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");