[geeklog-cvs] geeklog-1.3/public_html getimage.php,1.1,1.2
tony at geeklog.net
Tue Jan 6 20:34:13 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv6255
Modified Files:
getimage.php
Log Message:
Added handling of the default mode and now verify the requested file exists. I think this was built to be fairly free from security holes but more testing wouldn't hurt.
Index: getimage.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/getimage.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** getimage.php 7 Jan 2004 01:15:47 -0000 1.1
--- getimage.php 7 Jan 2004 01:34:10 -0000 1.2
***************
*** 69,76 ****
// Can you believe this, some jackass tried to relative pathing to access files they
// shouldn't have access to?
! COM_errorLog('Someone tried to illegally access files using getImage.php');
exit;
}
switch ($mode) {
case 'articles':
--- 69,77 ----
// Can you believe this, some jackass tried to relative pathing to access files they
// shouldn't have access to?
! COM_errorLog('Someone tried to illegally access files using getimage.php');
exit;
}
+ // Set the path properly
switch ($mode) {
case 'articles':
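Review bot: the traversal log message in this hunk records only that an attempt happened, not what was requested or by whom, which makes the entry hard to act on later; suggest including the offending value and the client address, e.g. `COM_errorLog('Illegal path in getimage.php: ' . $image . ' from ' . $_SERVER['REMOTE_ADDR']);`. The bare `exit;` that follows also returns an empty 200 response, so the refusal is invisible to the client and to the web server's access log; sending a 403 header before exiting would fix that.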
***************
*** 84,90 ****
break;
default:
}
! $downloader->downloadFile($image);
?>
--- 85,98 ----
break;
default:
+ // Hrm, got a bad path, just die
+ exit;
}
! // Let's see if we don't have a legit file. If not bail
! if (is_file($downloader->getPath() . $image)) {
! $downloader->downloadFile($image);
! } else {
! COM_errorLog('File, ' . $downloader->getPath() . $image . ', was not found in getimage.php');
! }
?>
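Review bot: the new `default:` branch exits silently, while the traversal case in the previous hunk logs through COM_errorLog, so a bad `$mode` leaves no trace in the error log; add `COM_errorLog('Invalid mode in getimage.php: ' . $mode);` before the `exit;`. The `is_file($downloader->getPath() . $image)` check also assumes `getPath()` returns a path ending in a directory separator; if it does not, the concatenation names a nonexistent sibling and every request is refused, so that contract is worth confirming or joining with an explicit `/`. Finally, the not-found branch logs but still returns an empty 200; a 404 header there would be cleaner.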
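For comparison with the checks in the diff above, here is an added example (not Geeklog's code, and not part of this commit) of how a mode-keyed image server can confine file access with a file-name whitelist plus a realpath() containment test, so that both relative-path tricks and symlinks pointing outside the image directory are refused. The function names (`getimage_base_for_mode`, `resolve_image`, `serve_image`), the base directories and the mode names are assumptions chosen for the example.

```php
<?php
// Added example, not Geeklog's code. Serve an image from a directory chosen
// by $mode, refusing any request whose resolved path leaves that directory.

function getimage_base_for_mode($mode) {
    // Hypothetical base directories; Geeklog's real layout differs.
    $bases = array(
        'articles'  => '/var/www/geeklog/images/articles',
        'userphoto' => '/var/www/geeklog/images/userphotos',
    );
    return isset($bases[$mode]) ? $bases[$mode] : null;
}

// Returns the absolute path to send, or null if the request must be refused.
function resolve_image($mode, $image) {
    $client = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

    $base = getimage_base_for_mode($mode);
    if ($base === null) {
        error_log("getimage: invalid mode '$mode' from $client");
        return null;
    }

    // Accept only a plain file name: directory separators, parent references
    // and NUL bytes all fail this test, whatever the operating system.
    // \z (not $) so a trailing newline cannot sneak past the pattern.
    if (!preg_match('/\A[A-Za-z0-9_.-]+\z/', $image) || $image === '.' || $image === '..') {
        error_log("getimage: rejected file name '$image' from $client");
        return null;
    }

    // realpath() returns false for missing files and resolves symlinks, so the
    // resolved path must still start with the resolved base directory.
    $realBase = realpath($base);
    $real     = realpath($base . DIRECTORY_SEPARATOR . $image);
    if ($realBase === false || $real === false
        || strpos($real, $realBase . DIRECTORY_SEPARATOR) !== 0
        || !is_file($real)) {
        error_log("getimage: file '$image' not found under $base (client $client)");
        return null;
    }
    return $real;
}

function serve_image($mode, $image) {
    $path = resolve_image($mode, $image);
    if ($path === null) {
        // Refusals and missing files both get a real HTTP error, not an empty 200.
        header('HTTP/1.0 404 Not Found');
        exit;
    }
    $mime = array('jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                  'png' => 'image/png', 'gif' => 'image/gif');
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    header('Content-Type: ' . (isset($mime[$ext]) ? $mime[$ext] : 'application/octet-stream'));
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

serve_image(isset($_GET['mode']) ? $_GET['mode'] : '',
            isset($_GET['image']) ? $_GET['image'] : '');
?>
```

The whitelist alone already rejects `../` and absolute paths; the realpath() comparison is the second line of defence for the case the pattern does not cover, a symlink inside the image directory that points elsewhere.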