DataLife Engine v8.5 Bug Fix: Insufficient filtering of incoming data
16-06-2010, 11:30. Author: reishi
Problem: A user who is allowed to upload files to the server (not pictures) can go beyond the permitted upload folder and, if he has an administrator account on the site, interrogate the script.

Error in: All versions

The degree of danger: Medium (High if the user has an administrator account on the site)

To fix, open the file engine/inc/files.php and find:

    $serverfile = trim( htmlspecialchars( strip_tags( $_POST['serverfile'] ) ) );

replace with:

    // Only administrators (user group 1) may reference a file already on the server
    if( $member_id['user_group'] == 1 ) $serverfile = trim( htmlspecialchars( strip_tags( $_POST['serverfile'] ) ) ); else $serverfile = '';

    if( $serverfile != '' ) {

        // Remove path separators and parent-directory sequences
        $serverfile = str_replace( "\\", "/", $serverfile );
        $serverfile = str_replace( "..", "", $serverfile );
        $serverfile = str_replace( "/", "", $serverfile );

        // Split off the extension (last dot-separated segment)
        $serverfile_arr = explode( ".", $serverfile );
        $type = totranslit( end( $serverfile_arr ) );
        $curr_key = key( $serverfile_arr );
        unset( $serverfile_arr[$curr_key] );

        // Keep the name only if the extension is in the allowed list
        if( in_array( strtolower( $type ), $allowed_files ) )
            $serverfile = totranslit( implode( ".", $serverfile_arr ) ) . "." . $type;
        else $serverfile = '';

    }

    if( $serverfile == ".htaccess" ) die( "Hacking attempt!" );

Open the file engine/classes/thumb.class.php and find:

    $this->img['des'] = imagecreatetruecolor( $this->img['lebar_thumb'], $this->img['tinggi_thumb'] );

and add above:

    // Never pass a zero or negative dimension to imagecreatetruecolor()
    if( $this->img['lebar_thumb'] < 1 ) $this->img['lebar_thumb'] = 1;
    if( $this->img['tinggi_thumb'] < 1 ) $this->img['tinggi_thumb'] = 1;

Distribution version 8.5 has been updated.
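The engine/inc/files.php fix above strips ".." and "/" from the submitted name. A complementary check is to reduce the name to its final path component and confirm with realpath() that the resolved file is still inside the upload folder. The following is an added example, not DataLife Engine code; resolve_server_file(), the temporary directory layout and the allow-list values are assumptions made for illustration.

```php
<?php
// Added example, not DataLife Engine code; names and paths are hypothetical.
function resolve_server_file(string $baseDir, string $name, array $allowedExt): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // upload folder missing
    }
    // Normalise Windows separators, then keep only the final path component.
    $name = basename(str_replace("\\", "/", $name));
    if ($name === '' || $name[0] === '.') {
        return null; // empty name, "..", ".htaccess" and other dotfiles
    }
    // Extension allow-list, checked on the last dot-separated segment.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // Resolve symlinks and confirm the target is still under the base folder.
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed sample data in a temporary directory so the script runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dle_demo_' . getmypid();
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/archive.zip', 'demo');
file_put_contents($root . '/outside.zip', 'demo'); // allowed type, wrong folder
// Symlink inside the upload folder pointing out of it (may be unavailable on some systems).
@symlink($root . '/outside.zip', $root . '/files/link.zip');

$allowed = ['zip', 'rar'];
$inputs = ['archive.zip', '../outside.zip', '..\\outside.zip', 'link.zip', '.htaccess', 'archive.zip.php'];
foreach ($inputs as $input) {
    $ok = resolve_server_file($root . '/files', $input, $allowed) !== null;
    printf("%-16s => %s\n", $input, $ok ? 'accepted' : 'rejected');
}

// Remove the constructed sample files.
@unlink($root . '/files/link.zip');
unlink($root . '/files/archive.zip');
unlink($root . '/outside.zip');
rmdir($root . '/files');
rmdir($root);
```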