From 780db230802109d02aebf430528f1fbacd9aecab Mon Sep 17 00:00:00 2001
From: moodler
Date: Thu, 21 Nov 2002 02:51:50 +0000
Subject: [PATCH] Slight improvements to file security (scan for more bad characters)
---
 lib/weblib.php | 8 +++++++-
 user/pix.php | 18 ++++++++++--------
 2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/lib/weblib.php b/lib/weblib.php
index 19dcab0ba32..5c9b8c40811 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -358,7 +358,13 @@ function get_slash_arguments($i=0) {
 return false;
 }
- if (strpos($PATH_INFO, "..")) { // check for funny business
+ if (strpos($PATH_INFO, "..")) { // check for parent URLs
+ return false;
+ }
+ if (strpos($PATH_INFO, "|")) { // check for pipes
+ return false;
+ }
+ if (strpos($PATH_INFO, "`")) { // check for backquotes
 return false;
 }
diff --git a/user/pix.php b/user/pix.php
index d81853d0040..9a07f13b47a 100644
--- a/user/pix.php
+++ b/user/pix.php
@@ -30,14 +30,16 @@
 $lastmodified = filemtime($pathname);
- header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
- header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
- header("Cache-control: max_age = $lifetime"); // a day
- header("Pragma: ");
- header("Content-disposition: inline; filename=$image");
- header("Content-length: ".filesize($pathname));
- header("Content-type: image/jpeg");
- readfile("$pathname");
+ if (file_exists($pathname)) {
+ header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
+ header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
+ header("Cache-control: max_age = $lifetime"); // a day
+ header("Pragma: ");
+ header("Content-disposition: inline; filename=$image");
+ header("Content-length: ".filesize($pathname));
+ header("Content-type: image/jpeg");
+ readfile("$pathname");
+ }
 exit;
 ?>
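Review bot: The three `strpos()` guards on the new side (the `..`, `|` and backquote checks) treat a match at offset 0 as "not found", because `strpos()` returns `0` there and the bare truthiness test reads it as false; each should compare explicitly, e.g. `if (strpos($PATH_INFO, "..") !== false) {`. In practice `$PATH_INFO` usually begins with `/`, so the offset-0 case is rare, but the idiom is wrong and will silently stop working for any check where the bad token can be first. Enumerating individual bad characters is also fragile — anything not on the list still flows through to whatever the path is later used for, and the commit subject's own "scan for more bad characters" framing suggests the list will keep growing; an allow-list of the characters a slash argument may legitimately contain is the more robust shape, e.g. `if (!preg_match('/^[\w\/.\-]*$/', $PATH_INFO)) { return false; }` (constructed example — the permitted set must be confirmed against the callers), kept alongside the `..` rejection. `get_slash_arguments()` starts and ends outside the hunk.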
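Review bot: The new `file_exists($pathname)` guard comes one line too late: the context line `$lastmodified = filemtime($pathname);` just above it still runs on a missing file and emits a warning (leaving `$lastmodified` as `false`) before the guard is reached, so the check should move up to wrap the `filemtime()` call as well. `file_exists()` is also true for directories, and `readfile()` on a directory fails only after every header has already been sent, so `if (is_file($pathname)) {` is the stricter and more appropriate test here. On the moved lines, `Cache-control: max_age = $lifetime` is not a valid directive — the HTTP token is `max-age=$lifetime` — so clients currently ignore the intended lifetime. `filename=$image` is interpolated straight into a response header; if `$image` is derived from the request (its origin is outside this hunk), any CR/LF in it would be written into the header stream, so it should be reduced to a safe basename form before use. The enclosing script starts outside the hunk.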