Fixed Security Exploit
There was an security exploit brought to my attention today. I have fixed this exploit in the trunk and branched versions. Please replace the app/webroot/js/vendors.php with this file.
https://trac.cakephp.org/browser/trunk/cake/1.x.x.x/app/webroot/js/ve...
This exploit is important to correct since it would allow reading files outside of the vendors/javascript directory when magic_quotes_gpc = Off.
And I put this file here:
<?php
/* SVN FILE: $Id$ */
/**
* Short description for file.
*
* This file includes js vendor-files from /vendor/ directory if they need to
* be accessible to the public.
*
* PHP versions 4 and 5
*
* CakePHP : Rapid Development Framework <http://www.cakephp.org/>
* Copyright (c) 2006, Cake Software Foundation, Inc.
* 1785 E. Sahara Avenue, Suite 490-204
* Las Vegas, Nevada 89104
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @filesource
* @copyright Copyright (c) 2006, Cake Software Foundation, Inc.
* @link http://www.cakefoundation.org/projects/info/cakephp CakePHP Project
* @package cake
* @subpackage cake.app.webroot.js
* @since CakePHP v 0.2.9
* @version $Revision$
* @modifiedby $LastChangedBy$
* @lastmodified $Date$
* @license http://www.opensource.org/licenses/mit-license.php The MIT License
*/
/**
* Enter description here...
*/
$file = $_GET['file'];
$pos = strpos($file, '..');
if ($pos === false) {
if(is_file('../../vendors/javascript/'.$file) && (preg_match('/(\/.+)\\.js/', $file)))
{
readfile('../../vendors/javascript/'.$file);
}
} else {
header('HTTP/1.1 404 Not Found');
}
?>
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home