Fixed vulnerability. #974

Merged
merged 2 commits into from Apr 24, 2017

cbaker commented Jan 17, 2017

view-source: codiad/data/users.php
nginx with FastCGI will disclose the commented-out JSON unless you add a new line beforehand.
Fixes username, password "sha1(md5(password))", and last project from being disclosed to the public.

Server setup:
ubuntu yakkety
php7.0-fpm
nginx-full
default php7.0-fpm php.ini

daeks left a comment

What about all other PHP files in the data directory?

cbaker commented Mar 7, 2017

@daeks this also addresses those since they all use the same function. If this is pushed to main branch, upon installation everything will work properly for all files. Also, if you update your current version with this code it will fix your files upon save.

daeks commented Mar 7, 2017

At least project.php has the "old" syntax

<?php/*|[{"name":"test","path":"test"}]|*/?>

cbaker commented Mar 7, 2017

Then whatever writes to that isn't using the same function that was updated.

daeks commented Apr 18, 2017

I have checked the code and the function which is missing is used in /components/install/process.php. This function should be updated as well to reflect your changes.

added \r\n to saveJSON function to prevent sensitive information disclosure

cbaker commented Apr 18, 2017

added new line to process.php saveJSON function, should do the trick.

@daeks daeks merged commit 8ff257e into Codiad:master Apr 24, 2017
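
An added example, not part of this pull request or of Codiad's code: a Python audit that flags data files still written in the old one-line form quoted in the thread and rewrites them with a line break after `<?php`. It relies on PHP recognising `<?php` as an opening tag only when whitespace follows it; the function names and the exact `\r\n` placement in the rewritten form are assumptions.

```python
import json
import re
from pathlib import Path

# Constructed sample contents; the "\r\n" placement in NEW is an assumption
# based on the thread's description of the fix, not copied from Codiad.
OLD = b'<?php/*|[{"name":"test","path":"test"}]|*/?>'
NEW = b'<?php\r\n/*|[{"name":"test","path":"test"}]|*/\r\n?>'

# group(1): whitespace after "<?php"; group(2): the JSON inside the comment.
GUARD = re.compile(rb'\A<\?php(\s*)/\*\|(.*)\|\*/\s*\?>\s*\Z', re.DOTALL)


def classify(raw: bytes) -> str:
    """Return 'guarded', 'exposed' or 'unrecognized' for one data file."""
    m = GUARD.match(raw)
    if m is None:
        return "unrecognized"
    # Without whitespace after "<?php" the lexer sees no opening tag and the
    # whole file is emitted as literal text.
    return "guarded" if m.group(1) else "exposed"


def payload(raw: bytes):
    """Decode the JSON stored between the '/*|' and '|*/' markers."""
    m = GUARD.match(raw)
    if m is None:
        raise ValueError("not a guarded-JSON data file")
    return json.loads(m.group(2))


def rewrap(raw: bytes) -> bytes:
    """Re-emit a data file in the newline-separated form."""
    body = json.dumps(payload(raw), separators=(",", ":"))
    # Escape "/" so a stored string containing "*/" cannot end the comment early.
    body = body.replace("/", "\\/")
    return b"<?php\r\n/*|" + body.encode("ascii") + b"|*/\r\n?>"


def audit(data_dir) -> list:
    """Names of *.php files under data_dir that are still in the exposed form."""
    return sorted(p.name for p in Path(data_dir).glob("*.php")
                  if classify(p.read_bytes()) == "exposed")


if __name__ == "__main__":
    import sys
    print("\n".join(audit(sys.argv[1] if len(sys.argv) > 1 else "data")))
```

Run it against a copy of the data directory first; files reported as exposed can be passed through `rewrap` and written back.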