Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 19141 Details for
Bug 26782
dev-php/phpsysinfo
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to disallow '..' in template and language filenames
phpsysinfo-2.1-urlencoded-security-fix.diff (text/plain), 503 bytes, created by
Doug Weimer
on 2003-10-12 12:39:41 UTC
(
hide
)
Description:
Patch to disallow '..' in template and language filenames
Filename:
MIME Type:
Creator:
Doug Weimer
Created:
2003-10-12 12:39:41 UTC
Size:
503 bytes
patch
obsolete
>--- phpSysInfo-2.1/index.php.old 2003-10-12 12:21:25.000000000 -0700 >+++ phpSysInfo-2.1/index.php 2003-10-12 12:22:24.000000000 -0700 >@@ -40,6 +40,14 @@ > > define('APP_ROOT', dirname(__FILE__)); > >+if(isset($template) && preg_match("/\.\.|\//", $template)) { >+ $template='classic'; >+} >+ >+if (isset($lng) && preg_match("/\.\.|\//", $lng)) { >+ $lng = 'en'; >+} >+ > // check to see if we have a random template first > if (isset($template) && $template == 'random') { > $dir = opendir('templates/');
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=19141">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 26782
: 19141
