dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5385640)
fix two xss attacks and one path validation attack
authorRiver Tarnell <kateturner@users.mediawiki.org>
Thu, 14 Oct 2004 02:56:02 +0000 (02:56 +0000)
committerRiver Tarnell <kateturner@users.mediawiki.org>
Thu, 14 Oct 2004 02:56:02 +0000 (02:56 +0000)
includes/ImagePage.php patch | blob | history

diff --git a/includes/ImagePage.php b/includes/ImagePage.php
index 3c558b6..f375c7f 100644 (file)
--- a/includes/ImagePage.php
+++ b/includes/ImagePage.php
@@ -310,11 +310,15 @@ class ImagePage extends Article {
                global $wgUseSquid, $wgInternalServer, $wgDeferredUpdateList;
 
                $oldimage = $wgRequest->getText( 'oldimage' );
-               
                if ( strlen( $oldimage ) < 16 ) {
-                       $wgOut->unexpectedValueError( 'oldimage', $oldimage );
+                       $wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
+                       return;
+               }
+               if ( strstr( $oldimage, "/" ) || strstr( $oldimage, "\\" ) ) {
+                       $wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
                        return;
                }
+
                if ( wfReadOnly() ) {
                        $wgOut->readOnlyPage();
                        return;
@@ -330,7 +334,7 @@ class ImagePage extends Article {
                $curfile = "{$dest}/{$name}";
 
                if ( ! is_file( $curfile ) ) {
-                       $wgOut->fileNotFoundError( $curfile );
+                       $wgOut->fileNotFoundError( htmlspecialchars( $curfile ) );
                        return;
                }
                $oldver = wfTimestampNow() . "!{$name}";
Wiklou, le Wiki du Wiklou