fix security hole

missing check for passed parameters allows to read files on the server
2025-05-08 20:46:05 +00:00 · 2014-02-26 22:32:19 +01:00 · 2014-02-26 22:32:19 +01:00 · 31ffad39a8
commit 31ffad39a8
parent d317c744bf
2 changed files with 3 additions and 7 deletions
--- a/out/out.LogManagement.php
+++ b/out/out.LogManagement.php
@ -27,7 +27,7 @@ if (!$user->isAdmin()) {
 	UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
 }

-if (isset($_GET["logname"])) $logname=$_GET["logname"];
+if (isset($_GET["logname"])) $logname=basename($_GET["logname"]);
 else $logname=NULL;

 if (isset($_GET["mode"])) $mode=$_GET["mode"];
--- a/views/bootstrap/class.LogManagement.php
+++ b/views/bootstrap/class.LogManagement.php
@ -137,15 +137,11 @@ class SeedDMS_View_LogManagement extends SeedDMS_Bootstrap_Style {
 <?php
 		$this->htmlEndPage();
 		} elseif(file_exists($this->contentdir.$logname)){
-//			$this->htmlStartPage(getMLText("backup_tools"));
-
-//			$this->contentSubHeading(sanitizeString($logname));
-
 			echo $logname."<pre>\n";
 			readfile($this->contentdir.$logname);
 			echo "</pre>\n";
-
-//			echo "</body>\n</html>\n";
+		} else {
+			UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
 		}

 	} /* }}} */