Changeset 20707


Timestamp:
02/11/13 22:52:29 (7 years ago)
Author:
plg
Message:

merge r20706 from branch 2.4 to trunk

bug 2843: filter $_GET['dl'], it must be a md5sum-like string and nothing else

File:
1 edited

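--- a/trunk/install.php
+++ b/trunk/install.php
@@ -110,5 +110,9 @@
 defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
 
+include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
+
 // download database config file if exists
+check_input_parameter('dl', $_GET, false, '/^[a-f0-9]{32}$/');
+
 if (!empty($_GET['dl']) && file_exists(PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl']))
 {
@@ -157,5 +161,4 @@
 
 include(PHPWG_ROOT_PATH . 'include/constants.php');
-include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
 include(PHPWG_ROOT_PATH . 'admin/include/functions.php');
 
@@ -285,4 +288,7 @@
     if ( !($fp = @fopen( $config_file, 'w' )))
     {
+      // make sure nobody can list files of _data directory
+      secure_directory(PHPWG_ROOT_PATH.$conf['data_location']);
+      
       $tmp_filename = md5(uniqid(time()));
       $fh = @fopen( PHPWG_ROOT_PATH.$conf['data_location'] . 'pwg_' . $tmp_filename, 'w' );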
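Review bot: The allow-list regex on the new `check_input_parameter('dl', $_GET, false, '/^[a-f0-9]{32}$/');` line is not quite exact, because in PCRE `$` also matches just before a trailing newline, so a 32-hex value followed by "\n" passes the check; anchor it as `'/^[a-f0-9]{32}$/D'` (or end the pattern with `\z`) so the filter admits nothing but the 32 hex characters the commit message promises. In this hunk the practical effect is limited, since `file_exists()` on the next line would fail for such a value, and the note assumes `check_input_parameter()` aborts the request on a mismatch, which its definition (not in the diff) would have to confirm. In the third hunk, `secure_directory()` now stops the `_data` directory from being listed, but the file name built a few lines later is still `md5(uniqid(time()))`, which is time-seeded rather than random, and that name is the only thing gating the downloadable database config; a CSPRNG-derived name such as `bin2hex(openssl_random_pseudo_bytes(16))` yields the same 32-hex shape and matches the new filter. The `if` blocks opened in the first and third hunks continue outside the hunk.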