/[smecontribs]/rpms/smeserver-phpwebftp/contribs9/smeserver-phpwebftp-4.0.bz9528.XSSvulnerability.patch



Revision 1.1 - (hide annotations) (download)
Wed Aug 3 08:05:50 2016 UTC (8 years, 3 months ago) by unnilennium
Branch: MAIN
CVS Tags: smeserver-phpwebftp-4_0-11_el6_sme, HEAD
* Wed Aug 03 2016 Jean-Philipe Pialasse <tests@pialasse.com> 4.0-11.sme
- fix XSS security issue in phpwebftp [SME: 9528]
- https://sourceforge.net/p/phpwebftp/bugs/17/
- add utf8 in meta to fix bad display in French

1 unnilennium 1.1 diff -Nur smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php
2     --- smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php 2016-08-03 02:10:05.000000000 -0400
3     +++ smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php 2016-08-03 03:43:21.080325488 -0400
4     @@ -22,7 +22,7 @@
5     */
6    
7     session_start();
8     -
9     + header('Content-type: text/html; charset=utf-8');// fix incorrect display fr SME9
10     include('config.inc.php'); //load configuration
11     include("include/functions.inc.php");
12     include("include/ftp.class.php");
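Review bot: The comment on the added `header()` line describes a symptom rather than what the line does, and the commit message talks about a `<meta>` charset while this hunk sets the HTTP Content-Type header, which takes precedence over any meta tag. An explicit charset is also security-relevant for an XSS fix, since it removes browser charset sniffing, so the comment could say `// declare UTF-8 explicitly (HTTP header beats <meta>): fixes accented FR output on SME9 and stops charset sniffing`. The header must be sent before any output, which holds here because it directly follows `session_start()`.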
13     @@ -90,43 +90,43 @@
14     $goPassive=(isset($_POST['goPassive']))?$_POST['goPassive']:$_GET['goPassive'];
15     */
16     if (isset($_POST['goPassive'])) {
17     - $goPassive=$_POST['goPassive'];
18     + $goPassive=strip_tags($_POST['goPassive']);
19     }
20    
21     if (isset($_POST['mode'])) {
22     - $ftpMode = $_POST['mode'];
23     + $ftpMode = strip_tags($_POST['mode']);
24     }
25    
26     if (isset($_POST['actionType'])) {
27     - $actionType=$_POST['actionType'];
28     + $actionType=strip_tags($_POST['actionType']);
29     }
30    
31     if (isset($_POST['currentDir'])) {
32     - $currentDir=stripSlashes($_POST['currentDir']);
33     + $currentDir=strip_tags(stripSlashes($_POST['currentDir']));
34     } else {
35     $currentDir="";
36     }
37    
38     if (isset($_POST['file'])) {
39     - $file=$_POST['file'];
40     + $file=strip_tags($_POST['file']);
41     $file=StripSlashes($file);
42     }
43    
44     if (isset($_POST['file2'])) {
45     - $file2=$_POST['file2'];
46     + $file2=strip_tags($_POST['file2']);
47     $file2=StripSlashes($file2);
48     }
49    
50     if (isset($_POST['permissions'])) {
51     - $permissions=$_POST['permissions'];
52     + $permissions=strip_tags($_POST['permissions']);
53     }
54    
55     if (isset($_POST['directory'])) {
56     - $directory=$_POST['directory'];
57     + $directory=strip_tags($_POST['directory']);
58     }
59    
60     if (isset($_POST['fileContent'])) {
61     - $fileContent=$_POST['fileContent'];
62     + $fileContent=$_POST['fileContent'];// not sure we could strip_tags( the file
63     }
64    
65     if (
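Review bot: `strip_tags()` on `currentDir`, `file`, `file2`, `directory` and the other POST fields does not close the XSS: it removes only `<…>` tags, so `"` and `'` survive, and a value such as `" onmouseover="alert(1)` placed into an HTML attribute, or `";alert(1)//` placed into a JavaScript string, contains no tag at all. It also corrupts legitimate input, because a file or directory name containing `<` is silently truncated before it reaches the FTP command. The robust fix is to keep the raw values here, e.g. `$currentDir=stripSlashes($_POST['currentDir']);`, and escape at each output site per context — `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` for HTML and attributes, `json_encode($v, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT)` for inline JavaScript; those output sites are outside this hunk. Leaving `$fileContent` raw (line 62) is correct for exactly that reason, so its comment could read `// raw file body: escape at output, never here`. The `if (` on the hunk's last line opens a block that continues past it.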
66     @@ -138,28 +138,28 @@
67     // login information. That allows relogging in without explicitly
68     // loging out, eg with the "back" button.
69     if ($editDefaultServer)
70     - $_SESSION['server']=$_POST['server'];
71     + $_SESSION['server']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['server']));
72     else
73     $_SESSION['server']=$defaultServer;
74    
75     if (isset($_POST['user'])) {
76     - $_SESSION['user']=$_POST['user'];
77     + $_SESSION['user']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['user']));
78     }
79    
80     if (isset($_POST['password'])) {
81     - $_SESSION['password']=$_POST['password'];
82     + $_SESSION['password']=strip_tags($_POST['password']);
83     }
84    
85     if (isset($_POST['language'])) {
86     - $_SESSION['language']=$_POST['language'];
87     + $_SESSION['language']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['language']));
88     }
89    
90     if (isset($_POST['port'])) {
91     - $_SESSION['port']=$_POST['port'];
92     + $_SESSION['port']=preg_replace("/[^0-9]+/i", "",strip_tags($_POST['port']));
93     }
94    
95     if (isset($_POST['passive'])) {
96     - $_SESSION['passive']=$_POST['passive'];
97     + $_SESSION['passive']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['passive']));
98     }
99     }
100    
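Review bot: `strip_tags($_POST['password'])` on line 82 alters the credential itself — a password containing `<` followed by further characters is truncated, locking a legitimate user out — while the password is never rendered and gains nothing from tag stripping, so it should stay `$_SESSION['password']=$_POST['password'];`. The `[^0-9a-z\-_.]` whitelist on `user` (line 77) silently drops `@`, which some FTP deployments use in login names, and the same class on `server` rejects IPv6 literals; a whitelist should reject the request with an error rather than rewrite the value to something the user did not type. `preg_replace("/[^0-9]+/i", "", ...)` on the port turns `1x2` into `12`; `filter_var($_POST['port'], FILTER_VALIDATE_INT, ['options'=>['min_range'=>1,'max_range'=>65535]])` with an explicit failure path is the safer check. These lines sit inside the login block opened by the `if (` at the end of the previous hunk; it closes at the `}` visible here.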
101     @@ -182,27 +182,27 @@
102     }
103    
104     if (isset($_SESSION['server'])) {
105     - $server=$_SESSION['server'];
106     + $server=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['server']));
107     }
108    
109     if (isset($_SESSION['user'])) {
110     - $user=$_SESSION['user'];
111     + $user=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['user']));
112     }
113    
114     if (isset($_SESSION['password'])) {
115     - $password=$_SESSION['password'];
116     + $password=strip_tags($_SESSION['password']);
117     }
118    
119     if (isset($_SESSION['language'])) {
120     - $language=$_SESSION['language'];
121     + $language=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['language']));
122     }
123    
124     if (isset($_SESSION['port'])) {
125     - $port=$_SESSION['port'];
126     + $port=preg_replace("/[^0-9]+/i", "",$_SESSION['port']);
127     }
128    
129     if (isset($_SESSION['passive'])) {
130     - $passive=$_SESSION['passive'];
131     + $passive=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['passive']));
132     } else {
133     $passive = false;
134     }
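Review bot: Re-filtering values read back from `$_SESSION` (lines 106–131) duplicates the filtering applied when they were stored and still performs no output escaping, so it adds no protection — session data is server-side, and the trust boundary is the `$_POST` read, not the session read. The port line is also inconsistent with its writer: line 126 omits `strip_tags` while line 92 has it, and the `/i` modifier on a pure digit class is a no-op. `$port = (int) $_SESSION['port'];` (with the 1–65535 range enforced where the session value is set) reads more clearly than the regex. If the session reads are kept as defense in depth, a comment such as `// defense in depth only: values were validated at login; output escaping happens at render time` would stop the next maintainer from assuming these lines make the later echoes safe.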
135     @@ -611,7 +611,7 @@
136     </style>
137     <script type="text/javascript">
138     // variables for javascript
139     - var currentUser = "<?=$_SESSION["user"]?>";
140     + var currentUser = "<?=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION["user"]))?>";
141     var dir = "<?=$ftp->currentDir;?>";
142     var uncompress = new Array();
143     <?
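Review bot: `var dir = "<?=$ftp->currentDir;?>";` on the line after the fixed one is still an unescaped interpolation into a JavaScript string literal, and `$ftp->currentDir` presumably derives from the POST `currentDir` that the earlier hunk only passed through `strip_tags()`, which leaves `"` intact — a value such as `";alert(1)//` contains no tag and breaks out of the literal. The whitelist applied to `currentUser` happens to be safe for that one variable, but the context-correct encoding for both lines is `var currentUser = <?=json_encode($_SESSION["user"], JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT)?>;` and `var dir = <?=json_encode($ftp->currentDir, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT)?>;`, and those flags exist since PHP 5.3 so they fit the EL6 target. The `<script>` block continues past the hunk.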
