fixes #2 strongly check the input parameter to avoid unexpected files…
… to be displayed.

Privately reported by Harry Goodman from NCC
plegall committed Apr 23, 2021
1 parent b36e6f0 commit dda691d
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions show_default.php
Expand Up @@ -28,14 +28,16 @@
load_language('plugin.lang', LOCALEDIT_PATH);
check_status(ACCESS_WEBMASTER);

check_input_parameter('file', $_GET, false, '/^(include\/config_default\.inc\.php|language\/[a-z]+_[A-Z]+\/(common|admin)\.lang\.php)$/');

if (isset($_GET['file']))
{
$path = $_GET['file'];
if (!is_admin() or (!substr_count($path, 'config_default.inc.php') and !substr_count($path, '.lang.php')))
if (!is_admin())
{
die('Hacking attempt!');
}

$template->set_filename('show_default', dirname(__FILE__) . '/template/show_default.tpl');

$file = file_get_contents(PHPWG_ROOT_PATH . $path);
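Review bot: The allow-list regex passed to check_input_parameter is anchored with `$`, which in PCRE without the `D` modifier also matches just before a trailing newline, so a value such as `include/config_default.inc.php` followed by `%0A` still passes the check and reaches `file_get_contents(PHPWG_ROOT_PATH . $path)` as a different (non-existent) path. Terminating the pattern with `\z` or adding the `D` modifier makes the anchor exact: `'/^(include\/config_default\.inc\.php|language\/[a-z]+_[A-Z]+\/(common|admin)\.lang\.php)$/D'`. This assumes check_input_parameter rejects the request on a regex mismatch, which is not visible in the hunk; confirm against its definition. The `if (isset($_GET['file']))` block opened in this hunk continues past its last line.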

1 comment on commit dda691d

@abergmann

CVE-2021-31783 was assigned to this commit.
