authorplegall <plg@piwigo.org>2013-02-11 21:49:28 +0000
committerplegall <plg@piwigo.org>2013-02-11 21:49:28 +0000
commitca9158ee817910c15449bc19cb595ed6886e3099 (patch)
tree8b569a3609e6402c1be9ba14df77a6443c492d42
parent19a57cc890b635f78f7a5e6074efd7ae328dd518 (diff)
filter $_GET['dl']: it must be an md5sum-like string and nothing else
git-svn-id: http://piwigo.org/svn/branches/2.4@20706 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--install.php8
1 files changed, 7 insertions, 1 deletions
diff --git a/install.php b/install.php
index 5e1153b22..9ccde11df 100644
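--- a/install.php
+++ b/install.php
@@ -109,7 +109,11 @@ include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
 @include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');
 defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
+include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
+
 // download database config file if exists
+check_input_parameter('dl', $_GET, false, '/^[a-f0-9]{32}$/');
+
 if (!empty($_GET['dl']) && file_exists(PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl']))
 {
 $filename = PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl'];
@@ -156,7 +160,6 @@ if (@file_exists($config_file))
 }
 include(PHPWG_ROOT_PATH . 'include/constants.php');
-include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
 include(PHPWG_ROOT_PATH . 'admin/include/functions.php');
 include(PHPWG_ROOT_PATH . 'admin/include/languages.class.php');
@@ -284,6 +287,9 @@ define(\'DB_COLLATE\', \'\');
 // writing the configuration file
 if ( !($fp = @fopen( $config_file, 'w' )))
 {
+ // make sure nobody can list files of _data directory
+ secure_directory(PHPWG_ROOT_PATH.$conf['data_location']);
+
 $tmp_filename = md5(uniqid(time()));
 $fh = @fopen( PHPWG_ROOT_PATH.$conf['data_location'] . 'pwg_' . $tmp_filename, 'w' );
 @fputs($fh, $file_content, strlen($file_content));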
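Review bot: The pattern `/^[a-f0-9]{32}$/` added in the first hunk still accepts 32 hex digits followed by a single trailing newline, because in PCRE `$` matches before a final `\n` unless the `D` modifier is set; `check_input_parameter('dl', $_GET, false, '/^[a-f0-9]{32}$/D');` (or `\z` in place of `$`) makes the value exactly the 32 characters the commit message asks for. With the current pattern the newline reaches the `file_exists` call and the `$filename` concatenation unchanged, which on the visible lines most likely just fails the lookup rather than opening a different file, so this is hardening rather than a regression. Moving `include/functions.inc.php` ahead of `include/constants.php` (second hunk) is worth confirming against functions.inc.php's own dependencies, since constants.php is now loaded after it. In the third hunk the fallback temporary config file is still written with `@fopen`/`@fputs` and no check of the handle, so a failed `secure_directory` or a failed write goes unreported to the installer; both the `if (!empty($_GET['dl']) ...)` block of the first hunk and the `if ( !($fp = @fopen(...)))` block of the third continue past their hunks.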