Changeset 2421

Timestamp:
09/14/06 01:29:49 (7 years ago)
Author:
qldrob
Message:

Merged revisions 2419 via svnmerge from
https://svn.sourceforge.net/svnroot/amportal/modules/branches/2.1

........

r2419 | qldrob | 2006-09-14 15:23:06 +1000 (Thu, 14 Sep 2006) | 2 lines


Fix remote command execution vulnerability on del request (Thanks again to Barrie!)

........

Files:

  • modules/branches/2.2

    • Property svnmerge-integrated changed from /modules/branches/2.1:1-2166,2289,2414 to /modules/branches/2.1:1-2166,2289,2414,2419
  • modules/branches/2.2/music/page.music.php

    r2290 r2421  
    287287 
    288288  if (isset($_REQUEST['del'])) { 
     289    $del = $_REQUEST['del']; 
     290    if (strpos($del, "\"") || strpos($del, "\'") || strpos($del, "\;")) { 
     291      print "You're trying to use an invalid character. Please don't.\n";  
     292      exit;  
     293    } 
    289294    if (($numf == 1) && ($category == "Default") ){ 
    290295      echo "<h5>"._("You must have at least one file for On Hold Music.  Please upload one before deleting this one.")."</h5>"; 
    291296    } else { 
    292       $rmcmd="rm -f \"".$path_to_dir."/".$_REQUEST['del']."\""; 
     297      $rmcmd="rm -f \"".$path_to_dir."/".$del."\""; 
    293298      exec($rmcmd); 
    294       echo "<h5>"._("Deleted")." ".$_REQUEST['del']."!</h5>"; 
     299      echo "<h5>"._("Deleted")." ".$del."!</h5>"; 
    295300      //kill_mpg123(); 
    296301      needreload();
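
Review bot: The character check on new line 290 does not reliably reject the characters it names. strpos() returns 0 when the match is at the first position, and the bare `if (strpos(...) || ...)` treats 0 as false, so each result needs an explicit `!== false` comparison. In addition, inside a double-quoted PHP string `"\'"` and `"\;"` are the two-character sequences backslash-quote and backslash-semicolon, not `'` and `;`, so those two tests only match input that already contains a backslash. Rather than repairing the denylist, it would be safer to stop building a shell command at all: reduce `$del` to `basename($del)` and call unlink() on the resulting path under `$path_to_dir`, or at minimum pass the full path through escapeshellarg() before exec(). A three-character denylist leaves other shell-active characters and `../` sequences unhandled. The echo on new line 299 also writes `$del` into the page unescaped and should go through htmlspecialchars().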