gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-11 16:35:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix possible DoS

Browse Source
This commit is contained in:
Uwe Steinmann 2022-03-26 18:48:04 +01:00
parent 8d3077cd34
commit d68c922152
3 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -10,6 +10,7 @@
- output splash message when removing, editing, adding a category or keyword
- extensions cannot be disabled/enabled if configuration file is not writeable
- prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php
- fix possible DoS in op/op.RemoveLog.php
--------------------------------------------------------------------------------
Changes in version 5.1.24

1
op/op.RemoveLog.php
View File

@ -41,6 +41,7 @@ if (!isset($_POST["lognames"]) || !is_array($_POST["lognames"])) {
$lognames = $_POST["lognames"];
foreach($lognames as $file) {
$file = basename($file, '.log').'.log';
if(!file_exists($settings->_contentDir.'log/'.$file)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}

1
out/out.RemoveLog.php
View File

@ -49,6 +49,7 @@ if(!is_array($_GET["logname"]))
else
$lognames = $_GET["logname"];
foreach($lognames as $file) {
$file = basename($file, '.log').'.log';
if(!file_exists($settings->_contentDir.'log/'.$file)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}