Skip to content

Commit d00745f

Browse files
mantisdavidhicks
authored andcommitted
Fix issue introduced previously whereby php_Self is now used unchecked.
introduced previously by john attempting to fix symlinks. Since we now use php 5.2, we can make use of filter_var. This is a simpler version of what we were trying to do previously aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8 Depending on server/mantis config this can lead to XSS issues David: Backported from master branch and removed unreachable code branch. Signed-off-by: David Hicks <d@hx.id.au>
1 parent 6ede60d commit d00745f

File tree

1 file changed

+7
-2
lines changed

1 file changed

+7
-2
lines changed

Diff for: config_defaults_inc.php

+7-2
Original file line numberDiff line numberDiff line change
@@ -112,10 +112,15 @@
112112
$t_host = 'localhost';
113113
}
114114

115-
$t_path = str_replace( basename( $_SERVER['PHP_SELF'] ), '', $_SERVER['PHP_SELF'] );
115+
$t_self = $_SERVER['SCRIPT_NAME'];
116+
$t_self = filter_var( $t_self, FILTER_SANITIZE_STRING );
117+
$t_path = str_replace( basename( $t_self ), '', $t_self );
116118
$t_path = basename( $t_path ) == "admin" ? dirname( $t_path ) . '/' : $t_path;
117119
$t_path = basename( $t_path ) == "soap" ? dirname( dirname( $t_path ) ) . '/' : $t_path;
118-
120+
if ( strpos( $t_path, '&#' ) ) {
121+
echo 'Can not safely determine $g_path. Please set $g_path manually in config_inc.php';
122+
die;
123+
}
119124

120125
$t_url = $t_protocol . '://' . $t_host . $t_path;
121126

0 commit comments

Comments
 (0)