Changeset 4095

Timestamp:

08/15/2006 01:07:51 AM (19 years ago)

Author:

ryan

Message:

Validate backup and fragment files. Don't allow traversal.

File:

• trunk/wp-content/plugins/wp-db-backup.php (modified) (3 diffs)

trunk/wp-content/plugins/wp-db-backup.php

@@ -72 +72 @@
 
             $this->backup_file = $_GET['backup'];
+            $this->validate_file($this->backup_file);
 
             switch($via) {
@@ -98 +99 @@
         if (isset($_GET['fragment'] )) {
             list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+            $this->validate_file($filename);
             $this->backup_fragment($table, $segment, $filename);
         }
@@ -881 +883 @@
         return;
     } // wp_cron_db_backup
+
+    function validate_file($file) {
+        if (false !== strpos($file, '..'))
+            die(__("Cheatin' uh ?"));
+
+        if (false !== strpos($file, './'))
+            die(__("Cheatin' uh ?"));
+
+        if (':' == substr($file, 1, 1))
+            die(__("Cheatin' uh ?"));
+    }
+
 }