Timestamp:
03/29/2004 10:43:07 PM (22 years ago)
Author:
rboren
Message:

Fix security bug in the template editor. http://wordpress.org/support/3/3667

File:
1 edited

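--- a/trunk/wp-admin/templates.php
+++ b/trunk/wp-admin/templates.php
@@ -12,4 +12,20 @@
     return $array;
 }
+
+function validate_file($file) {
+    if ('..' == substr($file,0,2))
+        die ('Sorry, can’t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.');
+   
+    if (':' == substr($file,1,1))
+        die ('Sorry, can’t call files with their real path.');
+
+    if ('/' == substr($file,0,1))
+        $file = '.' . $file;
+   
+    $file = stripslashes($file);
+    $file = str_replace('../', '', $file);
+
+    return $file;
+}
 
 if (!get_magic_quotes_gpc()) {
@@ -48,10 +64,15 @@
     $newcontent = stripslashes($HTTP_POST_VARS['newcontent']);
     $file = $HTTP_POST_VARS['file'];
-    $f = fopen($file, 'w+');
-    fwrite($f, $newcontent);
-    fclose($f);
+    $file = validate_file($file);
+    $real_file = '../' . $file;
+    if (is_writeable($real_file)) {
+        $f = fopen($real_file, 'w+');
+        fwrite($f, $newcontent);
+        fclose($f);
+        header("Location: templates.php?file=$file&a=te");
+    } else {
+        header("Location: templates.php?file=$file");
+    }
 
-    $file = str_replace('../', '', $file);
-    header("Location: templates.php?file=$file&a=te");
     exit();
 
@@ -73,19 +94,9 @@
         }
     }
+
+    $file = validate_file($file);   
+    $real_file = '../' . $file;
    
-    if ('..' == substr($file,0,2))
-        die ('Sorry, can’t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.');
-   
-    if (':' == substr($file,1,1))
-        die ('Sorry, can’t call files with their real path.');
-
-    if ('/' == substr($file,0,1))
-        $file = '.' . $file;
-   
-    $file = stripslashes($file);
-    $file = str_replace('../', '', $file);
-    $file = '../' . $file;
-   
-    if (!is_file($file))
+    if (!is_file($real_file))
         $error = 1;
 
@@ -94,6 +105,6 @@
    
     if (!$error) {
-        $f = fopen($file, 'r');
-        $content = fread($f, filesize($file));
+        $f = fopen($real_file, 'r');
+        $content = fread($f, filesize($real_file));
         $content = htmlspecialchars($content);
 //      $content = str_replace("</textarea","&lt;/textarea",$content);
@@ -115,5 +126,5 @@
      <br />
      <?php
-        if (is_writeable($file)) {
+        if (is_writeable($real_file)) {
             echo "<input type='submit' name='submit' value='Update File' tabindex='2' />";
         } else {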
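Review bot: validate_file() (new lines 15–29) strips `../` with a single, non-iterative `str_replace('../', '', $file)` at new line 26, so a name in which that sequence is only reassembled by the first removal still reaches the `'../' . $file` concatenation at new lines 67 and 98, and the prefix-based `'..'` and `':'` tests at new lines 16 and 19 do not cover it either. A containment check on the resolved path is the robust complement: once is_writeable()/is_file() has confirmed the target exists and before any fopen(), add `$base = realpath('..'); $target = realpath($real_file);` followed by `if ($target === false || substr($target, 0, strlen($base) + 1) !== $base . '/') die ('Sorry, can’t edit files outside the WordPress directory.');` in both the save path (new lines 68–71) and the edit path (new lines 100–107). The redirects at new lines 72 and 74 also interpolate the raw name into the Location header; emit it as `urlencode($file)` so the redirect target cannot be altered by characters in the name. The surrounding POST/edit handlers begin and end outside these hunks.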