mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-26 11:19:55 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

merge r20706 from branch 2.4 to trunk

Browse source 
bug 2843: filter $_GET['dl'], it must be a md5sum-like string and nothing else


git-svn-id: http://piwigo.org/svn/trunk@20707 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall 2013-02-11 21:52:29 +00:00
parent 853dea3625
commit ed1b88c550
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
install.php
View file

@ -109,7 +109,11 @@ include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
@include(PHPWG_ROOT_PATH. 'local/config/config.inc.php'); @include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');
defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/'); defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
// download database config file if exists // download database config file if exists
check_input_parameter('dl', $_GET, false, '/^[a-f0-9]{32}$/');
if (!empty($_GET['dl']) && file_exists(PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl'])) if (!empty($_GET['dl']) && file_exists(PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl']))
{ {
$filename = PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl']; $filename = PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl'];
@ -156,7 +160,6 @@ if (@file_exists($config_file))
} }
include(PHPWG_ROOT_PATH . 'include/constants.php'); include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include(PHPWG_ROOT_PATH . 'admin/include/functions.php'); include(PHPWG_ROOT_PATH . 'admin/include/functions.php');
include(PHPWG_ROOT_PATH . 'admin/include/languages.class.php'); include(PHPWG_ROOT_PATH . 'admin/include/languages.class.php');
@ -284,6 +287,9 @@ define(\'DB_COLLATE\', \'\');
// writing the configuration file // writing the configuration file
if ( !($fp = @fopen( $config_file, 'w' ))) if ( !($fp = @fopen( $config_file, 'w' )))
{ {
// make sure nobody can list files of _data directory
secure_directory(PHPWG_ROOT_PATH.$conf['data_location']);
$tmp_filename = md5(uniqid(time())); $tmp_filename = md5(uniqid(time()));
$fh = @fopen( PHPWG_ROOT_PATH.$conf['data_location'] . 'pwg_' . $tmp_filename, 'w' ); $fh = @fopen( PHPWG_ROOT_PATH.$conf['data_location'] . 'pwg_' . $tmp_filename, 'w' );
@fputs($fh, $file_content, strlen($file_content)); @fputs($fh, $file_content, strlen($file_content));