Skip to content

Commit

Permalink
Fix source code disclosure on case-insensitive file systems
Browse files Browse the repository at this point in the history 
If the file system containing the PHP code is case-insensitive, a
request containing an uppercase file extension will return the
contents of the PHP file to the browser instead of executing it.

E.g. a request for this URL will return the source code:

  https:/sp.example.org/simplesaml/module.php/core/frontpage_welcome.PHP

Fix that by converting the path to lowercase before checking the file
extension.

See the following page for details:

  GHSA-24m3-w8g9-jwpq
  • Loading branch information
@olavmo-sikt
olavmo-sikt committed Apr 16, 2020
1 parent 228e4f2 commit 47968d2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/SimpleSAML/Module.php
View file
Expand Up @@ -259,7 +259,7 @@ function ($val) {
throw new Error\NotFound('The URL wasn\'t found in the module.');
}

if (substr($path, -4) === '.php') {
if (mb_strtolower(substr($path, -4), 'UTF-8') === '.php') {
// PHP file - attempt to run it

/* In some environments, $_SERVER['SCRIPT_NAME'] is already set with $_SERVER['PATH_INFO']. Check for that
Expand Down

0 comments on commit 47968d2

Please sign in to comment.