Do not allow .. anywhere in the filename.

git-svn-id: http://svn.automattic.com/wordpress/trunk@2019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
rboren 2004-12-30 18:05:46 +00:00
parent 88f5c2951c
commit 5c92876ab2
2 changed files with 32 additions and 13 deletions


@ -760,20 +760,37 @@ function add_management_page($page_title, $menu_title, $access_level, $file) {
add_submenu_page('edit.php', $page_title, $menu_title, $access_level, $file); add_submenu_page('edit.php', $page_title, $menu_title, $access_level, $file);
} }
function validate_file_to_edit($file, $allowed_files = '') { function validate_file($file, $allowed_files = '') {
if ('..' == substr($file,0,2)) if ( false !== strpos($file, './'))
die (__('Sorry, can’t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.')); return 1;
if (':' == substr($file,1,1)) if (':' == substr($file,1,1))
die (__('Sorry, can’t call files with their real path.')); return 2;
if ( !empty($allowed_files) && (! in_array($file, $allowed_files)) ) { if ( !empty($allowed_files) && (! in_array($file, $allowed_files)) )
die (__('Sorry, that file cannot be edited.')); return 3;
}
return 0;
}
function validate_file_to_edit($file, $allowed_files = '') {
$file = stripslashes($file); $file = stripslashes($file);
return $file; $code = validate_file($file, $allowed_files);
if (! $code)
return $file;
switch ($code) {
case 1:
die (__('Sorry, can’t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.'));
case 2:
die (__('Sorry, can’t call files with their real path.'));
case 3:
die (__('Sorry, that file cannot be edited.'));
}
} }
function get_home_path() { function get_home_path() {
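Review bot: The new `validate_file` tests `strpos($file, './')`, not `'..'`, so it does not implement the commit title ("Do not allow .. anywhere in the filename") and does not match the code-1 message that `validate_file_to_edit` prints, which speaks of files with ".." in the name; a `..` that is not followed by `/` (at the end of the name, or before a backslash on a Windows host) passes this check. Replacing the first test with `if ( false !== strpos($file, '..') )` / `return 1;` makes the function agree with both the title and the message. The third check should also use the strict form, `if ( !empty($allowed_files) && (! in_array($file, $allowed_files, true)) )`, so loose comparison cannot match a name against an unrelated entry in `$allowed_files`. Since the second file in this commit appears to gate its plugin `include` on this same return value, the stricter test matters beyond the file editor.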


@ -42,13 +42,15 @@ require(ABSPATH . '/wp-admin/menu.php');
// Handle plugin admin pages. // Handle plugin admin pages.
if (isset($_GET['page'])) { if (isset($_GET['page'])) {
$plugin_page = plugin_basename($_GET['page']); $plugin_page = plugin_basename($_GET['page']);
if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page")) { if ( validate_file($plugin_page) ) {
die(sprintf(__('Cannot load %s.'), $plugin_page)); die(__('Invalid plugin page'));
} }
if (! isset($_GET['noheader'])) { if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
die(sprintf(__('Cannot load %s.'), $plugin_page));
if (! isset($_GET['noheader']))
require_once(ABSPATH . '/wp-admin/admin-header.php'); require_once(ABSPATH . '/wp-admin/admin-header.php');
}
include(ABSPATH . "wp-content/plugins/$plugin_page"); include(ABSPATH . "wp-content/plugins/$plugin_page");