[ postfixadmin-Bugs-1838327 ] Inconsistent include statements
From: SourceForge.net <no...@so...> - 2007-11-26 00:31:04
Bugs item #1838327, was opened at 2007-11-26 01:29
Message generated for change (Comment added) made by ornstedt
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1838327&group_id=191583

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Core
Group: SVN (please specify revision!)
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Jan Örnstedt (ornstedt)
Assigned to: Nobody/Anonymous (nobody)
Summary: Inconsistent include statements

Initial Comment:
The code is quite inconsistent in the include statements. See example below. I suggest using one type of reference in all places and not mixing them.

I strongly suggest removing the variable from the include statement as this variable can be manipulated from a webform. See example below:

edit-domain.php:include ("templates/header.tpl");
edit-domain.php:include ("templates/menu.tpl");
edit-domain.php:include ("templates/admin_edit-domain.tpl");
edit-domain.php:include ("templates/footer.tpl");
edit-mailbox.php:include ("$incpath/templates/header.tpl");
edit-mailbox.php:include ("$incpath/templates/menu.tpl");
edit-mailbox.php:include ("$incpath/templates/edit-mailbox.tpl");
edit-mailbox.php:include ("$incpath/templates/footer.tpl");
edit-vacation.php:include ("$incpath/templates/header.tpl");
edit-vacation.php:include ("$incpath/templates/menu.tpl");
edit-vacation.php:include ("$incpath/templates/edit-vacation.tpl");
edit-vacation.php:include ("$incpath/templates/footer.tpl");
fetchmail.php:include ("./templates/header.tpl");
fetchmail.php:include ("./templates/menu.tpl");
fetchmail.php:include ("./templates/fetchmail.tpl");
fetchmail.php:include ("./templates/footer.tpl");

Secondly I suggest changing those template names to have a php ending as you can today browse the source code if you type in the file name... Perhaps add a .htaccess file.
Or even better move the template directory outside the web root.

----------------------------------------------------------------------

Comment By: Jan Örnstedt (ornstedt)
Date: 2007-11-26 01:31

Message:
Logged In: YES
user_id=498787
Originator: YES

$tempfile = "12345.tmp";
...
# do something with $tempfile here
# and some form processing
...
unlink ($tempfile);

Even if you handle $tempfile safely before unlinking it, the last statement is still very dangerous. An attacker can craft his or her own form containing a field similar to:

<input type=hidden name="tempfile" value="../../../etc/passwd">

PHP will insert the field name in the global namespace as $tempfile, thus overwriting the original value of the variable.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=937964&aid=1838327&group_id=191583
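A hardened form of the include pattern criticised in this report, added here as an illustration and not code from the PostfixAdmin project: the template directory is fixed relative to the script with __DIR__ instead of being taken from a variable that register_globals could overwrite, and the template name is checked against an allow-list and the resolved path before the include. The function names, the allow-list contents and the assumption that templates live in a "templates" directory beside the script are mine.

```php
<?php
// Added example (not PostfixAdmin code). Shows the reported pattern beside a
// version that does not depend on any variable a request could populate.

// --- pattern as reported: with register_globals=On, $incpath may have been
// set by a request parameter before this function is ever reached.
function render_unsafe($incpath, $name) {
    include "$incpath/templates/$name.tpl";
}

// --- hardened pattern:
// 1. The base directory is derived from the script's own location.
// 2. Only known template names are accepted.
// 3. The resolved path is confirmed to lie inside the template directory.
define('TEMPLATE_DIR', __DIR__ . '/templates');   // assumption: templates/ beside this file

function render_template($name) {
    // assumption: these are the only templates this script should ever include
    static $allowed = array('header', 'menu', 'footer', 'edit-domain',
                            'edit-mailbox', 'edit-vacation', 'fetchmail');
    if (!in_array($name, $allowed, true)) {
        trigger_error('unknown template: ' . htmlspecialchars($name), E_USER_WARNING);
        return false;
    }

    $base = realpath(TEMPLATE_DIR);
    $real = realpath(TEMPLATE_DIR . '/' . $name . '.tpl');
    // realpath() resolves any ".." components, so the prefix check below
    // catches a stray entry in the allow-list as well as a bad request.
    if ($base === false || $real === false ||
        strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        trigger_error('template not found inside ' . TEMPLATE_DIR, E_USER_WARNING);
        return false;
    }

    include $real;
    return true;
}

// Even with register_globals=On, an injected $incpath has no effect here:
// it is never consulted, and $name must match the allow-list.
render_template('header');
```

Moving the templates directory outside the web root, as the report suggests, removes the separate problem of browsing the .tpl source directly; the path check above still applies unchanged, only TEMPLATE_DIR moves.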