Prevent access to .. 2.0_rc1
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 21:22:31 +0000 (21:22 +0000)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 21:22:31 +0000 (21:22 +0000)
webroot/squasher.php

index bd0e817ac3038a6b525cc2813dd14caf0fc81497..8f350d4016c7b4350bbe1b377b411a6c789e0aed 100644 (file)
@@ -283,7 +283,12 @@ if (@$_GET['f']) {
        //set base folders
        $basepath['/'] = 'top';
        $bpath = '';
-       foreach (explode('/', $requestpath) as $key => $value) {
+       $path_fragments = explode('/', $requestpath);
+       if (in_array('..', $path_fragments)) {
+               trigger_error("Unauthorized path ".$requestpath, E_USER_ERROR);
+               die();
+       }
+       foreach ($path_fragments as $key => $value) {
                if ($value != '') {
                        $bpath .= '/'.$value;
                        $basepath[$bpath] = $value;
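Review bot: The new guard at `if (in_array('..', $path_fragments)) {` rejects only a segment that is exactly `..` and does it with a loose comparison; it should at least be `if (in_array('..', $path_fragments, true)) {`, and a stronger check is to canonicalise the resolved path with `realpath()` and require it to start with the allowed base directory rather than denylisting one segment form. The `trigger_error(..., E_USER_ERROR)` call terminates the script on its own, so the following `die();` is only reached when a custom error handler returns; with `display_errors` on this also surfaces the request path and script location to the client, so responding with `http_response_code(403); exit;` (and logging separately) would fail closed without leaking that detail. The enclosing `if (@$_GET['f'])` block starts and ends outside the hunk, so it is not visible here whether `$requestpath` is also used for the actual file read.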