SecurityFix - XSS Attacke bei HTML Tags in Ordnernamen

Andreas Österreicher
2010-09-20 16:13:03 +00:00
parent 7dbb7240fc
commit 165124c678
+43 -37
@@ -155,18 +155,17 @@
function checkvz(id)
{
vz = document.getElementById(id).value;
if(vz.indexOf('.')>0)
{
alert('Der Verzeichnisname darf keinen Punkt beinhalten');
return false;
}
if(vz.indexOf('&')>0)
{
alert('Der Verzeichnisname darf kein "&" beinhalten');
return false;
}
re = new RegExp(/^(\d|\w|\s)*$/);
return true;
if (vz.match(re))
{
return true;
}
else
{
alert('Der Verzeichnisname darf nur Buchstaben und Zahlen beinhalten');
return false;
}
}
</script>
@@ -195,7 +194,7 @@ A:hover {
<td width="97%"><table class="tabcontent"><tr><td>
<table cellSpacing="2" cellPadding="2" width="100%" border="0">
<tr>
<td align="middle" class="ContentHeader" colSpan="5" height="20"><b><font class="ContentHeader">Datei Upload</font></b></td>
<td align="center" class="ContentHeader" colSpan="5" height="20"><b><font class="ContentHeader">Datei Upload</font></b></td>
</tr>
<?php
if($islector)
@@ -584,7 +583,7 @@ A:hover {
}
?>
<tr>
<td align="middle" colSpan="5" height="36">
<td align="center" colSpan="5" height="36">
<table class="tabcontent">
<tr>
<td><div align="center"><b><font face="Arial" size="2">
@@ -821,39 +820,46 @@ A:hover {
{
if(isset($new_dir_name_text) && $new_dir_name_text != "")
{
$new_dir_name_text = trim($new_dir_name_text);
if(isset($subdir) && $subdir != "")
if(!preg_match('/^(\d|\w|\s)*$/',$new_dir_name_text))
{
if(!@is_dir($upload_root.'/'.$uploaddir.'/'.$subdir))
{
unset($subdir);
$dest_create_dir = @dir($upload_root.'/'.$uploaddir);
}
else
{
$dest_create_dir = @dir($upload_root.'/'.$uploaddir.'/'.$subdir);
}
echo '<center><b>Verzeichnisname ist ungueltig!</b></center>';
}
else
{
$dest_create_dir = @dir($upload_root.'/'.$uploaddir);
}
if($dest_create_dir)
{
if(!@is_dir($dest_create_dir->path.'/'.$new_dir_name_text) && !@file_exists($dest_create_dir->path.'/'.$new_dir_name_text) && $new_dir_name_text != "")
$new_dir_name_text = trim($new_dir_name_text);
if(isset($subdir) && $subdir != "")
{
@mkdir($dest_create_dir->path.'/'.$new_dir_name_text);
exec('chmod 775 "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
if($islector)
if(!@is_dir($upload_root.'/'.$uploaddir.'/'.$subdir))
{
exec('sudo chown :teacher "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
unset($subdir);
$dest_create_dir = @dir($upload_root.'/'.$uploaddir);
}
else
{
exec('sudo chown :student "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
$dest_create_dir = @dir($upload_root.'/'.$uploaddir.'/'.$subdir);
}
}
else
{
$dest_create_dir = @dir($upload_root.'/'.$uploaddir);
}
if($dest_create_dir)
{
if(!@is_dir($dest_create_dir->path.'/'.$new_dir_name_text) && !@file_exists($dest_create_dir->path.'/'.$new_dir_name_text) && $new_dir_name_text != "")
{
@mkdir($dest_create_dir->path.'/'.$new_dir_name_text);
exec('chmod 775 "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
if($islector)
{
exec('sudo chown :teacher "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
}
else
{
exec('sudo chown :student "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
}
}
}
}
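Review bot: `$subdir` is still spliced into the filesystem path and into the `exec()` command strings without the whitelist that the new `preg_match` applies to `$new_dir_name_text`; the `is_dir()` test accepts a value such as `../..`, so if `$subdir` arrives from the request the way `$new_dir_name_text` evidently does, the `mkdir`, `chmod 775` and `sudo chown` can all land outside `$upload_root`. Validate it before the path is assembled with the same pattern (or whatever subset of characters sub-directories are meant to use), e.g. `if(isset($subdir) && !preg_match('/^(\d|\w|\s)*$/', $subdir)) { unset($subdir); }`, and pass the assembled path through `escapeshellarg()` instead of hand-written double quotes: `exec('chmod 775 '.escapeshellarg($dest_create_dir->path.'/'.$new_dir_name_text));`. Note also that `trim()` now runs after the validation rather than before it, so the value that was checked is not the value that reaches `mkdir`; swapping the two lines keeps the check and the use on the same string. The block enclosing this hunk begins before its first line.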