Skip to content
This repository has been archived by the owner on Sep 8, 2023. It is now read-only.

Fixed vulnerability. #974

Merged
merged 2 commits into from
Apr 24, 2017
Merged

Fixed vulnerability. #974

merged 2 commits into from
Apr 24, 2017

Conversation

cbaker
Copy link
Contributor

@cbaker cbaker commented Jan 17, 2017

view-source: codiad/data/users.php
nginx with fast cgi will disclose the commented out json unless you add a new line before hand.
Fixes username, password "sha1(md5(password))", and last project from being disclosed to public.

Server setup:
ubuntu yakkety
php7.0-fpm
nginx-full
default php7.0-fpm php.ini

view-source: codiad/data/users.php
nginx with fast cgi will disclose the commented out json unless you add a new line before hand.
Fixes username, password "sha1(md5(password))", and last project from being disclosed to public.
Copy link
Contributor

@daeks daeks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about all other php files in the data directory?

@cbaker
Copy link
Contributor Author

cbaker commented Mar 7, 2017

@daeks this also addresses those since they all use the same function. If this is pushed to main branch, upon installation everything will work properly for all files. Also, if you update your current version with this code it will fix your files upon save.

@daeks
Copy link
Contributor

daeks commented Mar 7, 2017

At least project.php has the "old" syntax

<?php/*|[{"name":"test","path":"test"}]|*/?>

@cbaker
Copy link
Contributor Author

cbaker commented Mar 7, 2017

Then what ever writes to that isn't using the same function that was updated.

@daeks
Copy link
Contributor

daeks commented Apr 18, 2017

I have checked the code and the function which is missing is used in /components/install/process.php. This function should be updated as well to reflect your changes.

added \r\n to saveJSON function to prevent sensitive information disclosure
@cbaker
Copy link
Contributor Author

cbaker commented Apr 18, 2017

added new line to process.php saveJSON function, should do the trick.

@daeks daeks merged commit 8ff257e into Codiad:master Apr 24, 2017
@daeks daeks mentioned this pull request Apr 24, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants