From 165124c6786f5f280f977830596b5dcaed1f288a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20=C3=96sterreicher?= Date: Mon, 20 Sep 2010 16:13:03 +0000 Subject: [PATCH] SecurityFix - XSS Attacke bei HTML Tags in Ordnernamen --- cis/private/lehre/upload.php | 80 +++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 37 deletions(-) diff --git a/cis/private/lehre/upload.php b/cis/private/lehre/upload.php index 972751735..4f39bd1fe 100644 --- a/cis/private/lehre/upload.php +++ b/cis/private/lehre/upload.php @@ -155,18 +155,17 @@ function checkvz(id) { vz = document.getElementById(id).value; - if(vz.indexOf('.')>0) - { - alert('Der Verzeichnisname darf keinen Punkt beinhalten'); - return false; - } - if(vz.indexOf('&')>0) - { - alert('Der Verzeichnisname darf kein "&" beinhalten'); - return false; - } + re = new RegExp(/^(\d|\w|\s)*$/); - return true; + if (vz.match(re)) + { + return true; + } + else + { + alert('Der Verzeichnisname darf nur Buchstaben und Zahlen beinhalten'); + return false; + } } @@ -195,7 +194,7 @@ A:hover {
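Review bot: `vz` and `re` in the rewritten checkvz body are assigned without `var`, so both become implicit globals; declare them locally, e.g. `var vz = document.getElementById(id).value;` and `var re = /^[\w\s]*$/;` (wrapping a regex literal in `new RegExp(...)` adds nothing, and `\d` is already covered by `\w`). Note that `\w` in JavaScript is ASCII-only, so a folder name such as "Übung" is rejected while underscores and whitespace are accepted, which does not quite match the alert text "nur Buchstaben und Zahlen". This client-side check is only a convenience; the server-side preg_match added later in this commit is the check that actually matters, and the two should keep the same pattern. The `function checkvz(id)` line itself sits in the hunk header rather than in the hunk body.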
- + -
Datei UploadDatei Upload
+
@@ -821,39 +820,46 @@ A:hover { { if(isset($new_dir_name_text) && $new_dir_name_text != "") { - $new_dir_name_text = trim($new_dir_name_text); - if(isset($subdir) && $subdir != "") + if(!preg_match('/^(\d|\w|\s)*$/',$new_dir_name_text)) { - if(!@is_dir($upload_root.'/'.$uploaddir.'/'.$subdir)) - { - unset($subdir); - - $dest_create_dir = @dir($upload_root.'/'.$uploaddir); - } - else - { - $dest_create_dir = @dir($upload_root.'/'.$uploaddir.'/'.$subdir); - } + echo '
Verzeichnisname ist ungueltig!
'; } else { - $dest_create_dir = @dir($upload_root.'/'.$uploaddir); - } - - if($dest_create_dir) - { - if(!@is_dir($dest_create_dir->path.'/'.$new_dir_name_text) && !@file_exists($dest_create_dir->path.'/'.$new_dir_name_text) && $new_dir_name_text != "") + $new_dir_name_text = trim($new_dir_name_text); + if(isset($subdir) && $subdir != "") { - @mkdir($dest_create_dir->path.'/'.$new_dir_name_text); - exec('chmod 775 "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"'); - - if($islector) + if(!@is_dir($upload_root.'/'.$uploaddir.'/'.$subdir)) { - exec('sudo chown :teacher "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"'); + unset($subdir); + + $dest_create_dir = @dir($upload_root.'/'.$uploaddir); } else { - exec('sudo chown :student "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"'); + $dest_create_dir = @dir($upload_root.'/'.$uploaddir.'/'.$subdir); + } + } + else + { + $dest_create_dir = @dir($upload_root.'/'.$uploaddir); + } + + if($dest_create_dir) + { + if(!@is_dir($dest_create_dir->path.'/'.$new_dir_name_text) && !@file_exists($dest_create_dir->path.'/'.$new_dir_name_text) && $new_dir_name_text != "") + { + @mkdir($dest_create_dir->path.'/'.$new_dir_name_text); + exec('chmod 775 "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"'); + + if($islector) + { + exec('sudo chown :teacher "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"'); + } + else + { + exec('sudo chown :student "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"'); + } } } }
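Review bot: The new preg_match whitelist protects `$new_dir_name_text`, but the three `exec()` calls below it still interpolate `$dest_create_dir->path` into a double-quoted shell string, and that path contains `$subdir`, which this hunk only checks with `is_dir()` (whether `$subdir` is validated earlier is outside the hunk). Pass the whole path through `escapeshellarg()` instead of hand-quoting it, e.g. `exec('chmod 775 '.escapeshellarg($dest_create_dir->path.'/'.$new_dir_name_text));`, and the same for the two `sudo chown` lines, so the command line no longer depends on what characters the directory components happen to contain. Two smaller points on the pattern itself: `\w` without the `u` modifier rejects umlauts (the user-facing text is German, so "Übung" fails with "Verzeichnisname ist ungueltig!"), and `(\d|\w|\s)*` can be written as `[\w\s]*` since `\d` is a subset of `\w`. The enclosing `if(isset($new_dir_name_text) ...)` block starts before this hunk.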