From: Ben Schmidt
Date: Sun, 18 Jul 2010 11:46:30 +0000 (+1000)
Subject: Better validation of input in php-admin (Thomas Goirand)
X-Git-Tag: RELEASE_1_2_18a1~131
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a4cccf086e2dc46b5e23f944d0824b45fadb4d7;p=thirdparty%2Fmlmmj.git

Better validation of input in php-admin (Thomas Goirand)
---
diff --git a/ChangeLog b/ChangeLog
index 46f30fdc..90a41aae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+ o Better validation of input in php-admin (Thomas Goirand)
  o Added Turkish translation (Samed Beyribey)
  o Fixed security bug in mlmmj-php-admin (Florian Streibelt, Morten Shearman Kirkegaard)
diff --git a/contrib/web/php-admin/htdocs/edit.php b/contrib/web/php-admin/htdocs/edit.php
index d61d0991..2d8b5826 100644
--- a/contrib/web/php-admin/htdocs/edit.php
+++ b/contrib/web/php-admin/htdocs/edit.php
@@ -104,14 +104,8 @@ $list = $HTTP_GET_VARS["list"];
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
diff --git a/contrib/web/php-admin/htdocs/save.php b/contrib/web/php-admin/htdocs/save.php
index c59a2132..908b8144 100644
--- a/contrib/web/php-admin/htdocs/save.php
+++ b/contrib/web/php-admin/htdocs/save.php
@@ -79,14 +79,8 @@ $list = $HTTP_POST_VARS["list"];
 if(!isset($list))
 die("no list specified");
 
-if (strchr($list, "/") !== false)
-die("slash in list name");
-
-if ($list == ".")
-die("list name is dot");
-
-if ($list == "..")
-die("list name is dot-dot");
+if (dirname(realpath($topdir."/".$list)) != $topdir)
+die("list outside topdir");
 
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
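Review bot: The new guard in edit.php compares a canonicalized path against the raw `$topdir`, so if `$topdir` is configured as a symlink, a relative path, or with a trailing slash the two strings never match and every list is rejected, and a `realpath()` failure (non-existent path) is only caught indirectly because `dirname(false)` happens to yield an empty string; the identical hunk in save.php has the same issue. Canonicalize both sides and reject the failure case explicitly: `$real = realpath($topdir."/".$list);` / `if ($real === false || dirname($real) !== realpath($topdir))` / `die("list outside topdir");`. Separately, the raw `$list` string rather than the resolved path is what the rest of the script (outside this hunk) presumably keeps using, so restoring a simple character allowlist on the name, e.g. `if (!preg_match('/^[A-Za-z0-9._-]+$/', $list)) die("bad list name");`, alongside the realpath check keeps the name itself constrained rather than relying only on what it resolves to. Use `!==` rather than `!=` for the string comparison in any case.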