changeset 725:d92234debf5c
Better validation of input in php-admin (Thomas Goirand)
author | Ben Schmidt |
---|---|
date | Sun, 18 Jul 2010 21:46:30 +1000 |
parents | 323ac213639d |
children | 7d4efc26d03a |
files | ChangeLog contrib/web/php-admin/htdocs/edit.php contrib/web/php-admin/htdocs/save.php |
diffstat | 3 files changed, 5 insertions(+), 16 deletions(-) [+] |
--- a/ChangeLog Sun Jul 11 00:12:09 2010 +1000
+++ b/ChangeLog Sun Jul 18 21:46:30 2010 +1000
@@ -1,3 +1,4 @@
+ o Better validation of input in php-admin (Thomas Goirand)
 o Added Turkish translation (Samed Beyribey)
 o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman Kirkegaard)
--- a/contrib/web/php-admin/htdocs/edit.php Sun Jul 11 00:12:09 2010 +1000
+++ b/contrib/web/php-admin/htdocs/edit.php Sun Jul 18 21:46:30 2010 +1000
@@ -104,14 +104,8 @@
 if(!isset($list))
 die("no list specified");
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
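Review bot: The added containment check `if (dirname(realpath($topdir."/".$list)) != $topdir)` compares a canonicalised path against the raw configured `$topdir`, so it only matches when `$topdir` is already absolute, symlink-free and has no trailing slash; any other value makes every list die with "list outside topdir" (fail-closed, but the page becomes unusable). Canonicalise both sides and compare strictly: `$realtop = realpath($topdir);` and `if ($realtop === false || dirname(realpath($topdir."/".$list)) !== $realtop)`. Worth a comment on the line that `realpath()` returns `false` for a non-existent path, so `dirname(false)` yields a non-matching string and the rejection relies on that accident rather than an explicit check. Because slashes in `$list` are no longer rejected, names such as `a/../b` now pass, while the raw `$list` (not the resolved path) is what is concatenated on the following `is_dir` line and presumably in the rest of edit.php, which lies outside this hunk; if `$list` reaches a shell command or the HTML output there, that widening should be verified.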
--- a/contrib/web/php-admin/htdocs/save.php Sun Jul 11 00:12:09 2010 +1000
+++ b/contrib/web/php-admin/htdocs/save.php Sun Jul 18 21:46:30 2010 +1000
@@ -79,14 +79,8 @@
 if(!isset($list))
 die("no list specified");
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
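Review bot: The new check `if (dirname(realpath($topdir."/".$list)) != $topdir)` uses a loose `!=` and compares the resolved path against an unresolved `$topdir`, so a trailing slash or a symlinked component in the configured `$topdir` makes the comparison fail for every list, and `realpath()` returning `false` for a missing path is only rejected because `dirname(false)` happens not to equal `$topdir`. Resolve `$topdir` once and compare strictly: `$realtop = realpath($topdir);` followed by `if ($realtop === false || dirname(realpath($topdir."/".$list)) !== $realtop)`. Since save.php writes into the list directory and, on the next line, still builds the path from the raw `$list` rather than the resolved one, a name containing `/` or `..` that canonicalises inside `$topdir` is now accepted where it was previously refused outright; using the `realpath()` result for the subsequent file operations (outside this hunk) would close that gap.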