author | plegall <plg@piwigo.org> | 2013-02-12 10:01:46 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2013-02-12 10:01:46 +0000 |
commit | ff5b60a215769bcf046bb9109b61ffe6af0ca5eb (patch) | |
tree | caf6066f015c0bd09620fb720c689a22552f1c99 /plugins/LocalFilesEditor/include/tpl.inc.php | |
parent | ca9158ee817910c15449bc19cb595ed6886e3099 (diff) |
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
git-svn-id: http://piwigo.org/svn/branches/2.4@20712 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'plugins/LocalFilesEditor/include/tpl.inc.php')
-rw-r--r-- | plugins/LocalFilesEditor/include/tpl.inc.php | 51 |
1 files changed, 34 insertions, 17 deletions
diff --git a/plugins/LocalFilesEditor/include/tpl.inc.php b/plugins/LocalFilesEditor/include/tpl.inc.php
index 1063b2238..4e985ac92 100644
--- a/plugins/LocalFilesEditor/include/tpl.inc.php
+++ b/plugins/LocalFilesEditor/include/tpl.inc.php
@@ -1,21 +1,34 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$edited_file = '';
 
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
 {
-  $edited_file = $_POST['file_to_edit'];
-  if (file_exists($edited_file))
+  $_POST['template'] = $_POST['file_to_edit'];
+}
+
+if (!empty($_POST['template']))
+{
+  if (preg_match('#\.\./#', $_POST['template']))
   {
-    $content_file = file_get_contents($edited_file);
+    die('Hacking attempt! template extension must be in template-extension directory');
   }
-  else
+
+  if (!preg_match('#\.tpl$#', $_POST['template']))
   {
-    $content_file = '';
+    die('Hacking attempt! template extension must be a *.tpl file');
   }
+
+  $template->assign('template', $_POST['template']);
+
+  $edited_file = './template-extension/'.$_POST['template'];
+}
+
+$content_file = '';
+if (file_exists($edited_file))
+{
+  $content_file = file_get_contents($edited_file);
 }
 
 $newfile_page = isset($_GET['newfile']);
@@ -50,6 +63,7 @@ if (isset($_POST['create_tpl']))
   }
   else
   {
+    $template->assign('template', $filename);
     $edited_file = $_POST['tpl_parent'] . '/' . $filename;
     $content_file = ($_POST['tpl_model'] == '0') ? '' : file_get_contents($_POST['tpl_model']);
   }
@@ -117,7 +131,7 @@ else
   $options[] = '----------------------';
   foreach (get_extents() as $pwg_template)
   {
-    $value = './template-extension/' . $pwg_template;
+    $value = $pwg_template;
     $options[$value] = str_replace('/', ' / ', $pwg_template);
     if ($edited_file == $value) $selected = $value;
   }
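Review bot: The `preg_match('#\.\./#', $_POST['template'])` guard is a denylist that only recognises `../` with a forward slash, so on a Windows host a `..\` segment still walks out of `./template-extension/`, and the `'#\.tpl$#'` anchor without the `D` modifier also accepts a value ending in a newline (`'#\.tpl$#D'` closes that one). Because the file is only read once `file_exists($edited_file)` succeeds, a positive containment check on the resolved path, placed right after `$edited_file = './template-extension/'.$_POST['template'];`, would cover both cases; `realpath()` returns false for a missing file, which matches the existing empty-content branch. The handler that writes the edited file back is outside this hunk, so confirm it applies the same check before writing. `$_POST['template']` is also handed to `$template->assign('template', …)`, so the Smarty template that prints it has to escape it for HTML.
```php
  $edited_file = './template-extension/'.$_POST['template'];

  // positive check: the resolved path must stay inside template-extension
  $extension_dir = realpath('./template-extension');
  $resolved = realpath($edited_file);
  if ($extension_dir === false
      or ($resolved !== false
          and strpos($resolved, $extension_dir.DIRECTORY_SEPARATOR) !== 0))
  {
    die('Hacking attempt! template extension must be in template-extension directory');
  }
  // … unchanged: closing brace, $content_file read …
```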
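Review bot: The filter the first hunk adds for `template` does not reach this branch: on the two lines after the added `$template->assign('template', $filename);`, `$_POST['tpl_parent']` still builds `$edited_file` and `$_POST['tpl_model']` still goes straight into `file_get_contents()` with no `../` or `.tpl` check. The `create_tpl` block starts outside this hunk, so it may validate `tpl_parent`, `tpl_model` and `$filename` earlier; if it does not, the same directory-containment and `.tpl` rules should be applied to all three before the read, e.g. `if (preg_match('#\.\./#', $_POST['tpl_model']) or !preg_match('#\.tpl$#D', $_POST['tpl_model'])) die('Hacking attempt! template model must be a *.tpl file in template-extension directory');`.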
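Review bot: After `$value` becomes the bare `$pwg_template`, the comparison `if ($edited_file == $value) $selected = $value;` on the following line can no longer match, because the first hunk now sets `$edited_file` to `'./template-extension/'.$_POST['template']`, so `$selected` is never set from this loop. The fallback in the last hunk (`$options[$edited_file] = …; $selected = $edited_file;`) then appears to add a second, full-path option for the same file, and submitting that option sends the prefixed path back through `file_to_edit`, where the first hunk prefixes it again. Comparing against the prefixed form keeps the option keys as the commit intends: `if ($edited_file == './template-extension/'.$value) $selected = $value;`. The condition guarding the fallback is outside the hunk, so confirm it does not already account for this.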
@@ -126,13 +140,16 @@ else
     $options[$edited_file] = str_replace(array('./template-extension/', '/'), array('', ' / '), $edited_file);
     $selected = $edited_file;
   }
-  $template->assign('css_lang_tpl', array(
-    'OPTIONS' => $options,
-    'SELECTED' => $selected,
-    'NEW_FILE_URL' => $my_base_url.'-tpl&newfile',
-    'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
-    )
-  );
+  $template->assign(
+    'css_lang_tpl',
+    array(
+      'SELECT_NAME' => 'file_to_edit',
+      'OPTIONS' => $options,
+      'SELECTED' => $selected,
+      'NEW_FILE_URL' => $my_base_url.'-tpl&newfile',
+      'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
+    )
+  );
 }
 
 $codemirror_mode = 'text/html';