phpix bug 229794 security patch

To: 229794@bugs.debian.org
Cc: debian-security@lists.debian.org
Subject: phpix bug 229794 security patch
From: Daniel van Eeden <daniel_e@dds.nl>
Date: Sat, 31 Jan 2004 15:08:23 +0100
Message-id: <[🔎] 1075558102.24136.4.camel@pc1.driebergenweb.org>

It's not the most beatiful patch. (die is evil) but it seems to work.
Is it secure enough?

Daniel van Eeden <daniel_e@dds.nl>

Common subdirectories: phpix-2.0.2.orig/albums and phpix-2.0.2/albums
Only in phpix-2.0.2: build-stamp
Common subdirectories: phpix-2.0.2.orig/CVS and phpix-2.0.2/CVS
Common subdirectories: phpix-2.0.2.orig/debian and phpix-2.0.2/debian
diff -u phpix-2.0.2.orig/index.phtml phpix-2.0.2/index.phtml
--- phpix-2.0.2.orig/index.phtml	2003-04-28 02:45:50.000000000 +0200
+++ phpix-2.0.2/index.phtml	2004-01-31 14:59:51.000000000 +0100
@@ -12,6 +12,23 @@
 
 $version = "2.0.2-debian";
 
+/* security checks */
+if ($album) {
+  if (!is_dir("/var/www/phpix/albums/" . $album)) {
+    die("Acces denied.");
+  }
+  $wgetpos = strpos($album,"wget");
+  $fetchpos = strpos($album,"fetch");
+  if (($fetchpos === true) or ($wgetpos === true)) {
+    die("Acces denied.");
+  }
+}
+if ($pic) {
+  if (!is_file("/var/www/phpix/albums/" . $album . "/" . $pic)) {
+    die("Acces denied.");
+  }
+}
+
 print "<HTML>\n";
 print "<HEAD>\n";
 if ($mode == "album" or $mode == "view") {
Only in phpix-2.0.2: phpix.1
Only in phpix-2.0.2: phpix-create-new-instance.1

Reply to:

Prev by Date: Email undelivered
Next by Date: Re: phpix bug 229794 security patch
Previous by thread: Email undelivered
Next by thread: Re: phpix bug 229794 security patch
Index(es):
- Date
- Thread