[vassalengine-svn-trunk] [vassalengine-svn] SF.net SVN: vassalengine:[7061] site-src/trunk/site/uti
From: <uck...@us...> - 2010-07-30 21:33:43
Revision: 7061 http://vassalengine.svn.sourceforge.net/vassalengine/?rev=7061&view=rev Author: uckelman Date: 2010-07-30 21:33:36 +0000 (Fri, 30 Jul 2010) Log Message: ----------- Don't let file reads escape the motd_files directory. Modified Paths: -------------- site-src/trunk/site/util/motd.php Modified: site-src/trunk/site/util/motd.php =================================================================== --- site-src/trunk/site/util/motd.php 2010-07-30 16:19:08 UTC (rev 7060) +++ site-src/trunk/site/util/motd.php 2010-07-30 21:33:36 UTC (rev 7061) @@ -1,13 +1,17 @@ <?php -$module=$_REQUEST['module']; -$dir = "motd_files/"; -if (file_exists("$dir/$module")) { - $motdFile = "$dir/$module"; -} -else { + +$dir = '/var/www/html/util/motd_files'; +$module = isset($_REQUEST['module']) ? $_REQUEST['module'] : ''; + +$motdFile = realpath("$dir/$module"); + +# Make sure that the motd path does not take us above dir +if ($motdFile === false || + strncmp($motdFile, "$dir/", strlen($dir)+1) != 0 || + !file_exists($motdFile)) { $motdFile = "$dir/VASSAL"; } -$fp = fopen($motdFile,"r"); -fpassthru($fp); -fclose($fp); -?> \ No newline at end of file + +readfile($motdFile); + +?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ vassalengine-svn mailing list vas...@li... https://lists.sourceforge.net/lists/listinfo/vassalengine-svn |
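Review bot: The guard in the new motd.php rejects paths that resolve outside $dir but never checks that the resolved path is a regular file, so a subdirectory of motd_files (or a request for the directory itself via a trailing "/.") passes the strncmp prefix test and reaches readfile(), which will emit a warning and return false instead of falling back to the VASSAL default; replacing the redundant `!file_exists($motdFile)` (realpath already returns false for a non-existent path) with `!is_file($motdFile)` closes that gap and also keeps device nodes and FIFOs out. Two smaller points on the same hunk: the prefix comparison only works if the hard-coded `$dir = '/var/www/html/util/motd_files'` is itself canonical, since realpath() on the request side will resolve any symlink in that prefix and the strncmp will then always fail and silently serve VASSAL for every module, so deriving it as `$dir = realpath(__DIR__ . '/motd_files');` (and bailing out if that is false) would make the check robust to deployment layout; and `strncmp(...) != 0` should be `!== 0` for consistency with the `=== false` test on the line above.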