Update of /cvsroot/php-blog/serendipity/include
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2931/include
Modified Files:
functions_images.inc.php
Log Message:
Fixed possible security issues reported on the forums: http://www.s9y.org/forums/viewtopic.php?p=3303#3303
This will enforce path stripping on every call: patterns like "../../" are removed, leaving plain directory names intact. A leading slash is removed as well.
Index: functions_images.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/functions_images.inc.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- functions_images.inc.php 26 Dec 2004 22:41:34 -0000 1.21
+++ functions_images.inc.php 2 Jan 2005 18:58:39 -0000 1.22
@@ -1107,11 +1107,14 @@
}
}
-function serendipity_uploadSecure(&$var, $strip_paths = false) {
+function serendipity_uploadSecure(&$var, $strip_paths = true) {
$var = preg_replace('@[^0-9a-z\._/-]@i', '', $var);
if ($strip_paths) {
$var = preg_replace('@(\.+[/\\\\]+)@', '/', $var);
}
+ if ($var{0} == '/') {
+ $var = substr($var, 1);
+ }
return true;
}
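Review bot: The leading-slash guard added at the end of serendipity_uploadSecure removes exactly one character, so a value that begins with two or more slashes still starts with `/` after the check; replacing the three-line `if` with `$var = ltrim($var, '/');` strips any run of them. The same guard reads `$var{0}` without first checking that `$var` is non-empty, which emits an uninitialized-offset notice on an empty string, and `ltrim` avoids that as well. Separately, the `strip_paths` pattern only matches dots that are followed by a slash, so a trailing `..` with nothing after it is left untouched; if the function does not need to accept names ending in a dot, trimming trailing dots after the replace (e.g. `$var = rtrim($var, '.');`) would close that gap, otherwise a comment stating that trailing dots are deliberately kept would help the next reader. The two closing braces at the top of the hunk belong to a definition that starts outside it.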