Fix issue introduced previously whereby PHP_SELF is now used unchecked.
Introduced previously by John attempting to fix symlinks. Since we now use PHP 5.2, we can make use of filter_var.

This is a simpler version of what we were trying to do previously aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8

Depending on server/mantis config this can lead to XSS issues

David: Backported from master branch and removed unreachable code branch.

Signed-off-by: David Hicks <d@hx.id.au>
mantis authored and davidhicks committed Sep 4, 2011
1 parent 6ede60d commit d00745f
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions config_defaults_inc.php
@@ -112,10 +112,15 @@
$t_host = 'localhost';
}

$t_path = str_replace( basename( $_SERVER['PHP_SELF'] ), '', $_SERVER['PHP_SELF'] );
$t_self = $_SERVER['SCRIPT_NAME'];
$t_self = filter_var( $t_self, FILTER_SANITIZE_STRING );
$t_path = str_replace( basename( $t_self ), '', $t_self );
$t_path = basename( $t_path ) == "admin" ? dirname( $t_path ) . '/' : $t_path;
$t_path = basename( $t_path ) == "soap" ? dirname( dirname( $t_path ) ) . '/' : $t_path;

if ( strpos( $t_path, '&#' ) ) {
echo 'Can not safely determine $g_path. Please set $g_path manually in config_inc.php';
die;
}

$t_url = $t_protocol . '://' . $t_host . $t_path;

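Review bot: the guard `if ( strpos( $t_path, '&#' ) )` is a truthiness check, so a match at offset 0 returns `0` and is treated as "not found"; write it as `if ( strpos( $t_path, '&#' ) !== false )` so the intent does not depend on the path always starting with `/`. The actual hardening in this hunk is the switch from the request-derived `$_SERVER['PHP_SELF']` to `$_SERVER['SCRIPT_NAME']`; `filter_var( ..., FILTER_SANITIZE_STRING )` then strips tags and encodes quotes as `&#39;` / `&#34;`, which is the only reason the `&#` check can catch anything, and that link between the two lines deserves a comment, since a later reader will not see why `&#` is the marker being tested. Also consider that `die;` after the `echo` exits with status 0; the message is printed as plain text into whatever page is being generated, so a clear `exit( 1 )` or a proper error path would make the failure easier to notice in deployments where the output is not read.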

0 comments on commit d00745f