
Révision 7145cd87

Ajouté par Renato Botelho il y a presque 10 ans

Remove . and / from pkg name to avoid directory traversal


usr/local/www/pkg_mgr_install.php
105 105
				</tr>
106 106
<?php if ((empty($_GET['mode']) && $_GET['id']) || (!empty($_GET['mode']) && (!empty($_GET['pkg']) || $_GET['mode'] == 'reinstallall') && ($_GET['mode'] != 'installedinfo' && $_GET['mode'] != 'showlog'))):
107 107
	if (empty($_GET['mode']) && $_GET['id']) {
108
		$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401));
108
		$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401));
109 109
		$pkgmode = 'installed';
110 110
	} else if (!empty($_GET['mode']) && !empty($_GET['pkg'])) {
111
		$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
112
		$pkgmode = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401));
111
		$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
112
		$pkgmode = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401));
113 113
	} else if ($_GET['mode'] == 'reinstallall') {
114 114
		$pkgmode = 'reinstallall';
115 115
	}
......
188 188
ob_flush();
189 189

  
190 190
if ($_GET) {
191
	$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
191
	$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
192 192
	switch($_GET['mode']) {
193 193
	case 'showlog':
194 194
		if (strpos($pkgname, ".")) {
......
210 210
		break;
211 211
	}
212 212
} else if ($_POST) {
213
	$pkgid = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401));
213
	$pkgid = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401));
214 214

  
215 215
	/* All other cases make changes, so mount rw fs */
216 216
	conf_mount_rw();
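Review bot: Because new line 191 now strips `.` from `$pkgname`, the unchanged `if (strpos($pkgname, "."))` check at line 194 in the `showlog` case can never be true, so whatever that branch did is dead code; either drop it or test the raw value before stripping, so a dotted name is rejected rather than silently rewritten. The five changed `str_replace` calls (new lines 108, 111, 112, 191 and 213) all extend a character denylist. Since the commit message says these values are exposed to directory traversal, an allowlist would be easier to reason about, for example `preg_replace('/[^A-Za-z0-9_+-]/', '', $value)`, with the character class adjusted to what real package names contain. `$pkgmode` on line 112 is better compared strictly against the fixed set of modes the page handles than character-filtered. The `switch` body and the POST branch continue outside the visible hunks, so how the cleaned values are used afterwards should be confirmed there.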
