From: River Tarnell
Date: Thu, 14 Oct 2004 02:56:02 +0000 (+0000)
Subject: fix two xss attacks and one path validation attack
X-Git-Tag: 1.5.0alpha1~1561
X-Git-Url: https://git.cyclocoop.org/%28%28?a=commitdiff_plain;h=357fd788fdc531b1d9c43aa397938b1e31ff3594;p=lhc%2Fweb%2Fwiklou.git

fix two xss attacks and one path validation attack
---
diff --git a/includes/ImagePage.php b/includes/ImagePage.php
index 3c558b6436..f375c7fd62 100644
--- a/includes/ImagePage.php
+++ b/includes/ImagePage.php
@@ -310,11 +310,15 @@ class ImagePage extends Article {
 		global $wgUseSquid, $wgInternalServer, $wgDeferredUpdateList;
 		$oldimage = $wgRequest->getText( 'oldimage' );
-
 		if ( strlen( $oldimage ) < 16 ) {
-			$wgOut->unexpectedValueError( 'oldimage', $oldimage );
+			$wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
+			return;
+		}
+		if ( strstr( $oldimage, "/" ) || strstr( $oldimage, "\\" ) ) {
+			$wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
 			return;
 		}
+
 		if ( wfReadOnly() ) {
 			$wgOut->readOnlyPage();
 			return;
@@ -330,7 +334,7 @@ class ImagePage extends Article {
 		$curfile = "{$dest}/{$name}";
 		if ( ! is_file( $curfile ) ) {
-			$wgOut->fileNotFoundError( $curfile );
+			$wgOut->fileNotFoundError( htmlspecialchars( $curfile ) );
 			return;
 		}
 		$oldver = wfTimestampNow() . "!{$name}";
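Review bot: The new separator check in the first hunk still lets a NUL byte through, and `$oldimage` is presumably used to build a filesystem path later in the method (the method starts before this hunk and its body continues after it); on the PHP of this era an embedded `\0` truncates the path handed to filesystem calls, so I would extend the guard to `if ( strstr( $oldimage, "/" ) || strstr( $oldimage, "\\" ) || strpos( $oldimage, "\0" ) !== false ) {`. This is also a blacklist of the two characters thought of today; if the `timestamp!name` shape that this code itself writes for archive names (see `$oldver` in the second hunk) is the only valid one, a positive match such as `if ( !preg_match( '/^[0-9]{14}![^\/\\\\\0]+$/', $oldimage ) ) {` would reject anything unexpected rather than only path separators. A one-line why-comment above the check, `// $oldimage becomes part of a path under the archive directory; reject anything that could escape it`, would tell the next reader what the separator test protects. Whether `unexpectedValueError()` already escapes its argument is not visible here; if it does, the added `htmlspecialchars()` double-encodes the value in the message, which is worth confirming before merging.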