
Issue GHSA-92fr-7h4f-22pp

This commit is contained in:
camer0n
2023-08-22 13:28:10 -07:00
parent abf94d0310
commit 9aa8de4f7d
3 changed files with 11 additions and 2 deletions


@@ -1684,7 +1684,7 @@ class users_admin_ui extends e_admin_ui
} }
// Make Admin. // Make Admin.
if(getperms('4|U0')) // Quick Add User access should not be allowed to create new users with escalated perms. if(getperms('4|U0')) // Quick Add User access should not be allowed to create new users with escalated perms.
{ {
$text .= " $text .= "
<tr> <tr>


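--- a/<e_file source path not shown on page>
+++ b/<e_file source path not shown on page>
@@ -2233,6 +2233,10 @@ class e_file
 $tmp = parse_url($targetFile);
 $targetFile = $tmp['path'];
 $remote = true;
+if(!empty($tmp['host']) && ($tmp['host'] === 'localhost' || $tmp['host'] === '127.0.0.1'))
+{
+return false;
+}
 }
 $ext = pathinfo($targetFile, PATHINFO_EXTENSION);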
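Review bot: The host check added before `return false` matches only the two literal strings `'localhost'` and `'127.0.0.1'`, so any other spelling of the loopback host (different case, a bracketed IPv6 loopback) and any address in a private or reserved range falls through to the extension check unchanged. parse_url() returns the host exactly as written, so lower-casing it and classifying IP literals by range with `filter_var(..., FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)` turns the string list into a range rule; a hostname that resolves to such an address is still not covered and would need a DNS-aware check at the caller, which I can't see from here. The test section for e_fileTest has the same narrowness, adding only the two spellings the code names. The enclosing method starts and ends outside the hunk.
```php
$remote = true;
// parse_url() returns the host as written: compare case-insensitively and
// classify IP literals by range instead of by a fixed list of strings.
$host = strtolower(trim((string) ($tmp['host'] ?? ''), '[]'));
if ($host === 'localhost'
    || ($host !== '' && filter_var($host, FILTER_VALIDATE_IP) !== false
        && filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false))
{
    return false;
}
// … unchanged: closing brace of the remote branch, $ext = pathinfo(...) …
```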


@@ -157,9 +157,14 @@ class e_fileTest extends \Codeception\Test\Unit
array('path'=> e_SYSTEM."filetypes.xml", 'expected' => true), // permitted array('path'=> e_SYSTEM."filetypes.xml", 'expected' => true), // permitted
array('path'=> e_PLUGIN."gallery/images/butterfly.jpg", 'expected' => true), // permitted array('path'=> e_PLUGIN."gallery/images/butterfly.jpg", 'expected' => true), // permitted
array('path'=> 'http://127.0.0.1:8070/file.svg', 'expected'=>false), // not permitted array('path'=> 'http://127.0.0.1:8070/file.svg', 'expected'=>false), // not permitted
array('path'=> 'http://127.0.0.1:8070/butterfly.jpg', 'expected'=>true), // permitted array('path'=> 'http://127.0.0.1:8070/butterfly.jpg', 'expected'=>false), // not permitted
array('path'=> 'http://localhost:8070/file.svg', 'expected'=>false), // not permitted
array('path'=> 'http://localhost:8070/butterfly.jpg', 'expected'=>false), // not permitted
array('path'=> 'http://domain.com:8070/file.svg', 'expected'=>false), // suspicious
array('path'=> 'http://domain.com:8070/butterfly.jpg', 'expected'=>true), // permitted
array('path'=> 'http://127.0.0.1/bla.php', 'expected'=>false), // suspicious array('path'=> 'http://127.0.0.1/bla.php', 'expected'=>false), // suspicious
array('path'=> 'http://127.0.0.1/bla.php?butterfly.jpg', 'expected'=>false), // suspicious array('path'=> 'http://127.0.0.1/bla.php?butterfly.jpg', 'expected'=>false), // suspicious
); );
foreach($isAllowedTest as $file) foreach($isAllowedTest as $file)
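Review bot: The comments on the added cases do not say why a case is rejected: `http://localhost:8070/file.svg` and `http://localhost:8070/butterfly.jpg` are both labelled `// not permitted`, `http://domain.com:8070/file.svg` with the same expected value is labelled `// suspicious`, and the changed `127.0.0.1` case flips from `// permitted` to `// not permitted`, so a reader cannot tell whether the host or the extension drove the result. I'd label each by its reason, e.g. `// not permitted: loopback host` and `// not permitted: extension`. `domain.com` is also a real registrable domain; the reserved `example.com` avoids any chance of the suite contacting a third-party host should isAllowed() ever resolve the name, which I can't tell from here. The `$isAllowedTest` array starts before the hunk and the test method continues after it.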