gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-08 20:46:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix security hole

Browse Source 
missing check for passed parameters allows to read files on the server
This commit is contained in:
Uwe Steinmann 2014-02-26 22:32:19 +01:00
parent d317c744bf
commit 31ffad39a8
2 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
out/out.LogManagement.php
View File

@ -27,7 +27,7 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
} }
if (isset($_GET["logname"])) $logname=$_GET["logname"]; if (isset($_GET["logname"])) $logname=basename($_GET["logname"]);
else $logname=NULL; else $logname=NULL;
if (isset($_GET["mode"])) $mode=$_GET["mode"]; if (isset($_GET["mode"])) $mode=$_GET["mode"];

8
views/bootstrap/class.LogManagement.php
View File

@ -137,15 +137,11 @@ class SeedDMS_View_LogManagement extends SeedDMS_Bootstrap_Style {
<?php <?php
$this->htmlEndPage(); $this->htmlEndPage();
} elseif(file_exists($this->contentdir.$logname)){ } elseif(file_exists($this->contentdir.$logname)){
// $this->htmlStartPage(getMLText("backup_tools"));
// $this->contentSubHeading(sanitizeString($logname));
echo $logname."<pre>\n"; echo $logname."<pre>\n";
readfile($this->contentdir.$logname); readfile($this->contentdir.$logname);
echo "</pre>\n"; echo "</pre>\n";
} else {
// echo "</body>\n</html>\n"; UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
} }
} /* }}} */ } /* }}} */