[Easymod-cvs] easymod2/mods/easymod/includes admin_easymod.php.txt,1.29,1.30
From: Markus P. <mar...@us...> - 2005-11-02 05:52:07
Update of /cvsroot/easymod/easymod2/mods/easymod/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2555/includes Modified Files: admin_easymod.php.txt Log Message: A couple more fixes. Index: admin_easymod.php.txt =================================================================== RCS file: /cvsroot/easymod/easymod2/mods/easymod/includes/admin_easymod.php.txt,v retrieving revision 1.29 retrieving revision 1.30 diff -C2 -d -r1.29 -r1.30 *** admin_easymod.php.txt 2 Nov 2005 04:27:42 -0000 1.29 --- admin_easymod.php.txt 2 Nov 2005 05:51:56 -0000 1.30 *************** *** 101,104 **** --- 101,122 ---- + // prevent from attempts to read files out of expected scope + function check_file_scope($filename, $expected_scope, $simply_die = false) + { + global $db, $lang; + + // make sure a file is located somewhere inside the specified directory + if( !@file_exists(phpbb_realpath($filename)) || !strstr(phpbb_realpath($filename), phpbb_realpath($expected_scope)) ) + { + $message = sprintf($lang['EM_modio_open_read'], $filename); + if( $simply_die ) + { + $db->sql_close(); + die($message); + } + message_die(GENERAL_ERROR, $message); + } + } + // write command info to the screen (add to template) function display_line($command, $body) *************** *** 196,199 **** --- 214,219 ---- function get_mod_properties($file, &$mod_title, &$mod_author_handle, &$mod_author_email, &$mod_author_name, &$mod_author_url, &$mod_description, &$mod_version, &$compliant) { + global $phpbb_root_path, $script_path; + // used to add a little tolerance on the Author line $faux_author = false; *************** *** 201,204 **** --- 221,225 ---- // open the file and grab the first line + check_file_scope($file, $phpbb_root_path . 
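Review bot: The scope test in check_file_scope uses `strstr()`, which only asks whether the resolved scope path occurs somewhere inside the resolved file path. A file outside the tree whose path merely contains that string, or one in a sibling directory that shares the prefix, therefore passes. Resolve both paths once into locals and require a prefix match that ends on a separator, rejecting when `strpos($real_file, $real_scope . DIRECTORY_SEPARATOR) !== 0`. Also reject explicitly when the resolved scope is empty or false instead of handing it to a string search, since an empty needle behaves differently across PHP versions. The call sites in the later hunks still `fopen()` the original unresolved path after the check, so the file opened is not guaranteed to be the one that was validated.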
$script_path); $f_mod_script = fopen($file, 'r'); if (!$f_mod_script) *************** *** 208,212 **** $buffer = fgets($f_mod_script, 1024); - // see if it is EMC right away; first line starts with ## on it and contains "easymod" $compliant = false; --- 229,232 ---- *************** *** 745,754 **** // if there is no file to process then we are in trouble! ! if ( $process_file == '') { message_die(GENERAL_ERROR, $lang['EM_err_no_process_file']); } - // set up the redirects so we will download a file, the contents of which we will echo out header('Content-Type: text/x-delimtext; name="' . $split[count($split)-1] . '"'); --- 765,773 ---- // if there is no file to process then we are in trouble! ! if ($process_file == '') { message_die(GENERAL_ERROR, $lang['EM_err_no_process_file']); } // set up the redirects so we will download a file, the contents of which we will echo out header('Content-Type: text/x-delimtext; name="' . $split[count($split)-1] . '"'); *************** *** 1569,1574 **** { $files = array(); ! $f_mod_script = fopen ($install_path . $install_file, 'r'); ! while (!feof ($f_mod_script)) { $buffer = fgets($f_mod_script, 4096); --- 1588,1594 ---- { $files = array(); ! check_file_scope($install_path . $install_file, $phpbb_root_path . $script_path); ! $f_mod_script = fopen($install_path . $install_file, 'r'); ! while (!feof($f_mod_script)) { $buffer = fgets($f_mod_script, 4096); *************** *** 1675,1678 **** --- 1695,1699 ---- { // open the core file + check_file_scope($process_file, $phpbb_root_path . $script_path, true); if (!$read_file = fopen($process_file, 'r')) { *************** *** 1730,1735 **** // ! $f_mod_script = fopen ($install_path . '/' . $install_file, 'r'); ! while (!feof ($f_mod_script)) { $buffer = fgets($f_mod_script, 4096); --- 1751,1757 ---- // ! check_file_scope($install_path . $install_file, $phpbb_root_path . $script_path); ! $f_mod_script = fopen($install_path . $install_file, 'r'); ! 
while (!feof($f_mod_script)) { $buffer = fgets($f_mod_script, 4096); |
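Review bot: In the last hunk the new `fopen($install_path . $install_file, 'r')` drops the `'/'` that the old line inserted, so this call site now depends on `$install_path` already ending in a slash. That invariant deserves a comment such as `// $install_path is expected to end with '/'`. The enclosing function starts outside the hunk, so it is not visible whether `$phpbb_root_path` and `$script_path` are declared `global` there as the commit does in get_mod_properties. If they are not, the scope passed to check_file_scope is an empty string, and the same question applies to the hunks at 1588 and 1695. In this hunk and the 1588 one the `fopen()` result goes straight to `feof()` with no check, so a file that exists but cannot be opened is not handled.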