forum.coppermine-gallery.net
Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: cpguser on April 18, 2006, 12:02:40 am
-
There has been a suggestion posted by Dariusz Kolasinski on Bugtraq regarding the vuln. discovered by imei addmimistrator
...change...
[SNIP]
$file = str_replace('//','',str_replace('..','',$_GET['file']));
[/SNIP]
to:
[SNIP]
$file = str_replace('..','',$_GET['file']);
[/SNIP]
Is this viable? Should we apply this workaround?
-
You already asked this, and I moved your posting to a dev-only zone for discussion, leaving a redirector thread that told you exactly that. Once we have looked into the issue, we'll post a fix. Don't keep on posting the same question again. Comment out the whole line if you're afraid, as suggested by Nibbler on the dev-only thread:
I'd recommend commenting out the section involved until someone comes up with a way to clean it properly.
/*
if (isset($_GET['file'])) {
    // Scrub: Remove '..' and leftover '//' from filename
    $file = str_replace('//','',str_replace('..','',$_GET['file']));
    $path = './plugins/'.$file.'.php';
    // Don't include the codebase and credits files
    if ($file != 'codebase' && $file != 'configuration' && file_exists($path)) {
        // Include the code from the plugin
        include_once($path);
        $file = true;
    } else {
        $file = false;
    }
}
*/
-
Don't keep on posting the same question again.
It is really not the same question, is it? The first post was to inform you in case you were not aware. That post was moved to a board which I don't have access to, hence there was no way I could have seen Nibbler's suggestion.
-
As I suggested: Nibbler's code is a quick'n'dirty fix, not a final one. We're looking for a final fix as soon as possible and will announce it publicly.
-
http://forum.coppermine-gallery.net/index.php?topic=30655.0
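
Added example, not part of the thread and not the Coppermine team's fix: one way to validate the `file` parameter from the snippet above with an allowlist and a resolved-path check instead of scrubbing substrings. The function name `resolve_plugin_path` and the assumption that plugin files sit directly in `./plugins/` with simple alphanumeric names are hypothetical.

```php
<?php
// Added example (hypothetical helper, not Coppermine code).
// Assumption: plugin files live directly in ./plugins/ and have simple names.

/**
 * Return the absolute path of a plugin file, or null if the request is rejected.
 */
function resolve_plugin_path($requested, $pluginDir)
{
    // Only plain strings; a request like ?file[]=x arrives as an array.
    if (!is_string($requested)) {
        return null;
    }
    // Accept known-good names and reject everything else. Deleting "bad"
    // substrings is fragile: removing one sequence can leave another behind.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    // The files the original snippet refuses to include; compared in lower
    // case so a case-insensitive filesystem does not bypass the check.
    if (in_array(strtolower($requested), array('codebase', 'configuration'), true)) {
        return null;
    }
    $base = realpath($pluginDir);
    $real = realpath($pluginDir . '/' . $requested . '.php');
    if ($base === false || $real === false) {
        return null; // plugin directory or file does not exist
    }
    // Defence in depth: after symlinks are resolved, the file must still
    // sit directly inside the plugin directory.
    if (dirname($real) !== $base) {
        return null;
    }
    return $real;
}

$path = resolve_plugin_path(isset($_GET['file']) ? $_GET['file'] : null, './plugins');
if ($path !== null) {
    include_once $path; // include the code from the plugin
    $file = true;
} else {
    $file = false;
}
```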