phpix bug 229794 security patch
It's not the most beautiful patch (die is evil), but it seems to work.
Is it secure enough?
Daniel van Eeden <daniel_e@dds.nl>
Common subdirectories: phpix-2.0.2.orig/albums and phpix-2.0.2/albums
Only in phpix-2.0.2: build-stamp
Common subdirectories: phpix-2.0.2.orig/CVS and phpix-2.0.2/CVS
Common subdirectories: phpix-2.0.2.orig/debian and phpix-2.0.2/debian
diff -u phpix-2.0.2.orig/index.phtml phpix-2.0.2/index.phtml
--- phpix-2.0.2.orig/index.phtml 2003-04-28 02:45:50.000000000 +0200
+++ phpix-2.0.2/index.phtml 2004-01-31 14:59:51.000000000 +0100
@@ -12,6 +12,23 @@
$version = "2.0.2-debian";
+/* security checks */
+if ($album) {
+ if (!is_dir("/var/www/phpix/albums/" . $album)) {
+ die("Acces denied.");
+ }
+ $wgetpos = strpos($album,"wget");
+ $fetchpos = strpos($album,"fetch");
+ if (($fetchpos === true) or ($wgetpos === true)) {
+ die("Acces denied.");
+ }
+}
+if ($pic) {
+ if (!is_file("/var/www/phpix/albums/" . $album . "/" . $pic)) {
+ die("Acces denied.");
+ }
+}
+
print "<HTML>\n";
print "<HEAD>\n";
if ($mode == "album" or $mode == "view") {
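Review bot: In the `$album` block the wget/fetch filter is dead code: `strpos()` returns an integer offset or `false`, never `true`, so `($fetchpos === true) or ($wgetpos === true)` can never hold. Compare against `!== false` if the filter is kept. Better still, drop the two-word blacklist and validate `$album` and `$pic` against an allowed character set. The `is_dir()` and `is_file()` checks concatenate the request values straight onto `/var/www/phpix/albums/`, so a value containing `..` path components still passes when the resolved path exists outside the albums tree. Resolving the path with `realpath()` and checking that the result still begins with the albums root would close that. Two smaller points: the `$pic` check runs with an empty `$album` when only `$pic` is supplied, and the albums path is hard-coded here rather than taken from the installation's configuration, which breaks any instance installed elsewhere. "Acces" should read "Access".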
Only in phpix-2.0.2: phpix.1
Only in phpix-2.0.2: phpix-create-new-instance.1