]> git.ipfire.org Git - thirdparty/mlmmj.git/commitdiff
projects / thirdparty / mlmmj.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 06ee9bb)
Better validation of input in php-admin (Thomas Goirand)
authorBen Schmidt <none@none>
Sat, 20 Nov 2010 13:30:23 +0000 (00:30 +1100)
committerBen Schmidt <none@none>
Sat, 20 Nov 2010 13:30:23 +0000 (00:30 +1100)
ChangeLog patch | blob | blame | history
contrib/web/php-admin/htdocs/edit.php patch | blob | blame | history
contrib/web/php-admin/htdocs/save.php patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 2135d4b42eafbb8492faf925f41f4b4a498241e7..bf6ae2f45bd5ce08ab7948b6ea457e46b209814b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+ o Better validation of input in php-admin (Thomas Goirand)
  o Added Turkish translation (Samed Beyribey)
  o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman
    Kirkegaard)
diff --git a/contrib/web/php-admin/htdocs/edit.php b/contrib/web/php-admin/htdocs/edit.php
index d61d09911eaf49dc2ca66a29707c9d0fa412feed..2d8b58269e3c9ef06cf9b8332ccdb9eb0dd6062e 100644 (file)
--- a/contrib/web/php-admin/htdocs/edit.php
+++ b/contrib/web/php-admin/htdocs/edit.php
@@ -104,14 +104,8 @@ $list = $HTTP_GET_VARS["list"];
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
diff --git a/contrib/web/php-admin/htdocs/save.php b/contrib/web/php-admin/htdocs/save.php
index c59a21320266c75c4e7507f95277ac36db85c329..908b8144d8c0ebbf12cc1c23b284ee00f3045b8b 100644 (file)
--- a/contrib/web/php-admin/htdocs/save.php
+++ b/contrib/web/php-admin/htdocs/save.php
@@ -79,14 +79,8 @@ $list = $HTTP_POST_VARS["list"];
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
Mirror of https://codeberg.org/mlmmj/mlmmj.git