/[smecontribs]/rpms/smeserver-phpwebftp/contribs9/smeserver-phpwebftp-4.0.bz9528.XSSvulnerability.patch
ViewVC logotype

Contents of /rpms/smeserver-phpwebftp/contribs9/smeserver-phpwebftp-4.0.bz9528.XSSvulnerability.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Aug 3 08:05:50 2016 UTC (8 years, 3 months ago) by unnilennium
Branch: MAIN
CVS Tags: smeserver-phpwebftp-4_0-11_el6_sme, HEAD
* Wed Aug 03 2016 Jean-Philipe Pialasse <tests@pialasse.com> 4.0-11.sme
- fix  XSS security issue in phpwebftp [SME: 9528]
- https://sourceforge.net/p/phpwebftp/bugs/17/
- add utf8 in meta to fix bad display in French

1 diff -Nur smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php
2 --- smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php 2016-08-03 02:10:05.000000000 -0400
3 +++ smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php 2016-08-03 03:43:21.080325488 -0400
4 @@ -22,7 +22,7 @@
5 */
6
7 session_start();
8 -
9 + header('Content-type: text/html; charset=utf-8');// fix incorrect display fr SME9
10 include('config.inc.php'); //load configuration
11 include("include/functions.inc.php");
12 include("include/ftp.class.php");
13 @@ -90,43 +90,43 @@
14 $goPassive=(isset($_POST['goPassive']))?$_POST['goPassive']:$_GET['goPassive'];
15 */
16 if (isset($_POST['goPassive'])) {
17 - $goPassive=$_POST['goPassive'];
18 + $goPassive=strip_tags($_POST['goPassive']);
19 }
20
21 if (isset($_POST['mode'])) {
22 - $ftpMode = $_POST['mode'];
23 + $ftpMode = strip_tags($_POST['mode']);
24 }
25
26 if (isset($_POST['actionType'])) {
27 - $actionType=$_POST['actionType'];
28 + $actionType=strip_tags($_POST['actionType']);
29 }
30
31 if (isset($_POST['currentDir'])) {
32 - $currentDir=stripSlashes($_POST['currentDir']);
33 + $currentDir=strip_tags(stripSlashes($_POST['currentDir']));
34 } else {
35 $currentDir="";
36 }
37
38 if (isset($_POST['file'])) {
39 - $file=$_POST['file'];
40 + $file=strip_tags($_POST['file']);
41 $file=StripSlashes($file);
42 }
43
44 if (isset($_POST['file2'])) {
45 - $file2=$_POST['file2'];
46 + $file2=strip_tags($_POST['file2']);
47 $file2=StripSlashes($file2);
48 }
49
50 if (isset($_POST['permissions'])) {
51 - $permissions=$_POST['permissions'];
52 + $permissions=strip_tags($_POST['permissions']);
53 }
54
55 if (isset($_POST['directory'])) {
56 - $directory=$_POST['directory'];
57 + $directory=strip_tags($_POST['directory']);
58 }
59
60 if (isset($_POST['fileContent'])) {
61 - $fileContent=$_POST['fileContent'];
62 + $fileContent=$_POST['fileContent'];// not sure we could strip_tags( the file
63 }
64
65 if (
66 @@ -138,28 +138,28 @@
67 // login information. That allows relogging in without explicitly
68 // loging out, eg with the "back" button.
69 if ($editDefaultServer)
70 - $_SESSION['server']=$_POST['server'];
71 + $_SESSION['server']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['server']));
72 else
73 $_SESSION['server']=$defaultServer;
74
75 if (isset($_POST['user'])) {
76 - $_SESSION['user']=$_POST['user'];
77 + $_SESSION['user']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['user']));
78 }
79
80 if (isset($_POST['password'])) {
81 - $_SESSION['password']=$_POST['password'];
82 + $_SESSION['password']=strip_tags($_POST['password']);
83 }
84
85 if (isset($_POST['language'])) {
86 - $_SESSION['language']=$_POST['language'];
87 + $_SESSION['language']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['language']));
88 }
89
90 if (isset($_POST['port'])) {
91 - $_SESSION['port']=$_POST['port'];
92 + $_SESSION['port']=preg_replace("/[^0-9]+/i", "",strip_tags($_POST['port']));
93 }
94
95 if (isset($_POST['passive'])) {
96 - $_SESSION['passive']=$_POST['passive'];
97 + $_SESSION['passive']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['passive']));
98 }
99 }
100
101 @@ -182,27 +182,27 @@
102 }
103
104 if (isset($_SESSION['server'])) {
105 - $server=$_SESSION['server'];
106 + $server=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['server']));
107 }
108
109 if (isset($_SESSION['user'])) {
110 - $user=$_SESSION['user'];
111 + $user=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['user']));
112 }
113
114 if (isset($_SESSION['password'])) {
115 - $password=$_SESSION['password'];
116 + $password=strip_tags($_SESSION['password']);
117 }
118
119 if (isset($_SESSION['language'])) {
120 - $language=$_SESSION['language'];
121 + $language=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['language']));
122 }
123
124 if (isset($_SESSION['port'])) {
125 - $port=$_SESSION['port'];
126 + $port=preg_replace("/[^0-9]+/i", "",$_SESSION['port']);
127 }
128
129 if (isset($_SESSION['passive'])) {
130 - $passive=$_SESSION['passive'];
131 + $passive=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['passive']));
132 } else {
133 $passive = false;
134 }
135 @@ -611,7 +611,7 @@
136 </style>
137 <script type="text/javascript">
138 // variables for javascript
139 - var currentUser = "<?=$_SESSION["user"]?>";
140 + var currentUser = "<?=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION["user"]))?>";
141 var dir = "<?=$ftp->currentDir;?>";
142 var uncompress = new Array();
143 <?

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed