diff -Nur smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php --- smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php 2016-08-03 02:10:05.000000000 -0400 +++ smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php 2016-08-03 03:43:21.080325488 -0400 @@ -22,7 +22,7 @@ */ session_start(); - + header('Content-type: text/html; charset=utf-8');// fix incorrect display fr SME9 include('config.inc.php'); //load configuration include("include/functions.inc.php"); include("include/ftp.class.php"); @@ -90,43 +90,43 @@ $goPassive=(isset($_POST['goPassive']))?$_POST['goPassive']:$_GET['goPassive']; */ if (isset($_POST['goPassive'])) { - $goPassive=$_POST['goPassive']; + $goPassive=strip_tags($_POST['goPassive']); } if (isset($_POST['mode'])) { - $ftpMode = $_POST['mode']; + $ftpMode = strip_tags($_POST['mode']); } if (isset($_POST['actionType'])) { - $actionType=$_POST['actionType']; + $actionType=strip_tags($_POST['actionType']); } if (isset($_POST['currentDir'])) { - $currentDir=stripSlashes($_POST['currentDir']); + $currentDir=strip_tags(stripSlashes($_POST['currentDir'])); } else { $currentDir=""; } if (isset($_POST['file'])) { - $file=$_POST['file']; + $file=strip_tags($_POST['file']); $file=StripSlashes($file); } if (isset($_POST['file2'])) { - $file2=$_POST['file2']; + $file2=strip_tags($_POST['file2']); $file2=StripSlashes($file2); } if (isset($_POST['permissions'])) { - $permissions=$_POST['permissions']; + $permissions=strip_tags($_POST['permissions']); } if (isset($_POST['directory'])) { - $directory=$_POST['directory']; + $directory=strip_tags($_POST['directory']); } if (isset($_POST['fileContent'])) { - $fileContent=$_POST['fileContent']; + $fileContent=$_POST['fileContent'];// not sure we could strip_tags( the file } if ( 
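Review bot: The trailing comment on the new header() line, `// fix incorrect display fr SME9`, has a typo and names the symptom rather than the intent; suggest `// declare UTF-8 explicitly so the browser does not have to guess the charset (SME9 display fix)`. The placement after session_start() and before the includes is right, since header() has to run before anything is output.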
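Review bot: strip_tags() is the wrong control for the path-like inputs in this hunk (`currentDir`, `file`, `file2`, `directory`): it silently rewrites any legitimate name that happens to contain `<…>` and does nothing about what matters for values presumably handed on to the FTP layer, namely `..` segments and NUL bytes, while the XSS concern it is aimed at belongs at the echo sites, with htmlspecialchars(). `permissions`, `mode`, `actionType` and `goPassive` each have a small known format and should be validated rather than filtered — for example `$permissions = preg_match('/^[0-7]{3,4}$/', $_POST['permissions']) ? $_POST['permissions'] : '';` if the app passes an octal mode, with an equivalent fixed-list check for `mode` and `actionType`. Leaving `fileContent` untouched is correct, it is file data, but it then has to be escaped with htmlspecialchars(…, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') wherever it is rendered back into the editor; consider replacing `// not sure we could strip_tags( the file` with `// raw file data: never sanitise here, escape at the point of output`. The trailing `if (` shows the enclosing statement continues past the end of the hunk.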
@@ -138,28 +138,28 @@ // login information. That allows relogging in without explicitly // loging out, eg with the "back" button. if ($editDefaultServer) - $_SESSION['server']=$_POST['server']; + $_SESSION['server']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['server'])); else $_SESSION['server']=$defaultServer; if (isset($_POST['user'])) { - $_SESSION['user']=$_POST['user']; + $_SESSION['user']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['user'])); } if (isset($_POST['password'])) { - $_SESSION['password']=$_POST['password']; + $_SESSION['password']=strip_tags($_POST['password']); } if (isset($_POST['language'])) { - $_SESSION['language']=$_POST['language']; + $_SESSION['language']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['language'])); } if (isset($_POST['port'])) { - $_SESSION['port']=$_POST['port']; + $_SESSION['port']=preg_replace("/[^0-9]+/i", "",strip_tags($_POST['port'])); } if (isset($_POST['passive'])) { - $_SESSION['passive']=$_POST['passive']; + $_SESSION['passive']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['passive'])); } } @@ -182,27 +182,27 @@ } if (isset($_SESSION['server'])) { - $server=$_SESSION['server']; + $server=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['server'])); } if (isset($_SESSION['user'])) { - $user=$_SESSION['user']; + $user=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['user'])); } if (isset($_SESSION['password'])) { - $password=$_SESSION['password']; + $password=strip_tags($_SESSION['password']); } if (isset($_SESSION['language'])) { - $language=$_SESSION['language']; + $language=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['language'])); } if (isset($_SESSION['port'])) { - $port=$_SESSION['port']; + $port=preg_replace("/[^0-9]+/i", "",$_SESSION['port']); } if (isset($_SESSION['passive'])) { - $passive=$_SESSION['passive']; + $passive=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['passive'])); } else { $passive = false; } 
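Review bot: `$_SESSION['password']=strip_tags($_POST['password'])` alters the credential — a password containing a `<…>` sequence will no longer match on the FTP server — and nothing in the hunk suggests the password is ever rendered, so it should be stored verbatim, `$_SESSION['password']=$_POST['password'];`. The allowlist filters on `server` and `user` also fail silently by rewriting instead of rejecting: `bob@example.com` becomes `bobexample.com` and an IPv6 literal loses its `:`, so a `preg_match()` that refuses the request with an error message is the safer shape, and the set accepted for `user` needs to reflect what the FTP server actually allows. For `port`, `preg_replace("/[^0-9]+/i", ...)` (the `i` flag is a no-op on a digit class) can still yield an empty string or an out-of-range number; `filter_var($_POST['port'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]])` rejects both and returns an int. The same three patterns are repeated when the values are read back from `$_SESSION` in the `@@ -182,27 +182,27 @@` hunk, where `port` additionally drops the strip_tags() the others keep — harmless because the digit filter removes everything else, but the inconsistency suggests the intended rule was never pinned down.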
@@ -611,7 +611,7 @@