From d649a37823d026d9f0ac9a7c4a67ed39b17cb8b2 Mon Sep 17 00:00:00 2001
From: einhverfr
Date: Sat, 21 Oct 2006 02:56:32 +0000
Subject: Fine tuning of whitelisting checks

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@244 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/AM.pm | 10 +++++++---
 bin/am.pl | 7 -------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index be9e47fe..57c75cb3 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1235,9 +1235,13 @@ sub check_template_name {
 my ($self, $myconfig, $form) = @_;
 my @allowedsuff = qw(css tex txt html xml);
- if ($form->{file} =~ /\.\./){
+ if ($form->{file} =~ /^(.:)*?\/|\.\.\/|^\//){
 $form->error("Directory transversal not allowed.");
 }
+ my $userspath = ${main::userspath};
+ if ($form->{file} =~ /^$userspath\//){
+ $form->error("Not allowed to access $userspath/ with this method");
+ }
 my $whitelisted = 0;
 for (@allowedsuff){
 if ($form->{file} =~ /$_$/){
@@ -1248,8 +1252,8 @@ sub check_template_name {
 $form->error("Error: File is of type that is not allowed.");
 }
- if ($form->{file} !~ /^$myconfig->{templates}/){
- $form->error("$!: $form->{file}") unless $form->{file} =~ /^css/;
+ if ($form->{file} !~ /^$myconfig->{templates}\//){
+ $form->error("Not in a whitelisted directory: $form->{file}") unless $form->{file} =~ /^css\//;
 }
 }
diff --git a/bin/am.pl b/bin/am.pl
index f0688126..ce93f3a7 100755
--- a/bin/am.pl
+++ b/bin/am.pl
@@ -1591,13 +1591,6 @@ sub list_templates {
 sub display_form {
- $form->{file} =~ s/^(.:)*?\/|\.\.\///g;
- $form->{file} =~ s/^\/*//g;
- $form->{file} =~ s/$userspath//;
- $form->{file} =~ s/$memberfile//;
-
- $form->error("$!: $form->{file}") unless -f $form->{file};
-
 AM->load_template(\%myconfig, \%$form);
 $form->{title} = $form->{file};
-- 
cgit v1.2.3
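Review bot: `$userspath` and `$myconfig->{templates}` are interpolated into the new patterns unescaped, in `/^$userspath\//` here and in `/^$myconfig->{templates}\//` in the second AM.pm hunk, so any regex metacharacter in a configured path (a `.` most likely) turns the intended literal prefix into a looser match; quote both as `/^\Q$userspath\E\//` and `/^\Q$myconfig->{templates}\E\//`. The new traversal pattern covers only forward-slash forms, so a prefix test that also rejects a backslash separator would be safer on platforms where open() accepts it. The suffix loop visible just above the second hunk, `if ($form->{file} =~ /$_$/)`, neither requires the dot nor anchors with `\z`, so `foohtml` or a name with a trailing newline passes as whitelisted; `/\.\Q$_\E\z/` would pin it. Whether the error path actually stops processing depends on $form->error not returning, which this hunk does not show. check_template_name's body continues between the two hunks; the function only rejects, it never rewrites the name.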
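Review bot: The `-f $form->{file}` existence check removed from display_form is not replaced inside this hunk, and nothing here shows that AM->load_template invokes check_template_name, so the new whitelist in AM.pm only protects this path if load_template calls it; worth confirming, or calling `AM->check_template_name(\%myconfig, $form);` explicitly before the load_template line. Note also that the deleted statements normalised `$form->{file}` in place whereas check_template_name only rejects, so `$form->{title}` now carries the user-supplied value verbatim. display_form's body continues past the hunk.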