mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 22:08:20 +01:00
Code Issues Projects Releases Wiki Activity

Slight improvements to file security (scan for more bad characters)

Browse Source
This commit is contained in:
moodler 2002-11-21 02:51:50 +00:00
parent 6e07f68039
commit 780db23080
2 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/weblib.php
View File

@ -358,7 +358,13 @@ function get_slash_arguments($i=0) {
return false; return false;
} }
if (strpos($PATH_INFO, "..")) { // check for funny business if (strpos($PATH_INFO, "..")) { // check for parent URLs
return false;
}
if (strpos($PATH_INFO, "|")) { // check for pipes
return false;
}
if (strpos($PATH_INFO, "`")) { // check for backquotes
return false; return false;
} }

18
user/pix.php
View File

@ -30,14 +30,16 @@
$lastmodified = filemtime($pathname); $lastmodified = filemtime($pathname);
header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT"); if (file_exists($pathname)) {
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
header("Cache-control: max_age = $lifetime"); // a day header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
header("Pragma: "); header("Cache-control: max_age = $lifetime"); // a day
header("Content-disposition: inline; filename=$image"); header("Pragma: ");
header("Content-length: ".filesize($pathname)); header("Content-disposition: inline; filename=$image");
header("Content-type: image/jpeg"); header("Content-length: ".filesize($pathname));
readfile("$pathname"); header("Content-type: image/jpeg");
readfile("$pathname");
}
exit; exit;
?> ?>