Fix issue introduced previously whereby PHP_SELF is now used unchecked.

Introduced previously by John attempting to fix symlinks. Since we now use PHP 5.2, we can make use of filter_var.

This is a simpler version of what we were trying to do previously, aka http://git.mantisforge.org/w/mantisbt.git?a=commitdiff;h=5ac1fdf32717d0c82cca7e7660dd4fd316a6a1b8

Depending on server/Mantis config, this can lead to XSS issues.

David: Backported from master branch and removed unreachable code branch.

Signed-off-by: David Hicks <d@hx.id.au>
commit d00745f5e267eba4ca34286d125de685bc3a8034 1 parent 6ede60d
@grangeway grangeway authored davidhicks committed
Showing with 7 additions and 2 deletions.
  1. +7 −2 config_defaults_inc.php
config_defaults_inc.php (9 changes)
@@ -112,10 +112,15 @@
$t_host = 'localhost';
}
- $t_path = str_replace( basename( $_SERVER['PHP_SELF'] ), '', $_SERVER['PHP_SELF'] );
+ $t_self = $_SERVER['SCRIPT_NAME'];
+ $t_self = filter_var( $t_self, FILTER_SANITIZE_STRING );
+ $t_path = str_replace( basename( $t_self ), '', $t_self );
$t_path = basename( $t_path ) == "admin" ? dirname( $t_path ) . '/' : $t_path;
$t_path = basename( $t_path ) == "soap" ? dirname( dirname( $t_path ) ) . '/' : $t_path;
-
+ if ( strpos( $t_path, '&#' ) ) {
+ echo 'Can not safely determine $g_path. Please set $g_path manually in config_inc.php';
+ die;
+ }
$t_url = $t_protocol . '://' . $t_host . $t_path;
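Review bot: the guard `if ( strpos( $t_path, '&#' ) )` added at the end of the hunk is a truthiness test, so a match at offset 0 yields `0` and is treated as "not found"; write it as `strpos( $t_path, '&#' ) !== false`. `$t_path` will normally start with `/`, so the offset-0 case is unlikely in practice, but the idiom is fragile and easy to copy elsewhere. A second point worth recording in the commit message: `FILTER_SANITIZE_STRING` strips tags outright and only converts quotes to `&#..;` entities, so a `<` or `>` in `SCRIPT_NAME` is silently removed rather than reaching the `die` branch, and the derived `$g_path` then differs from the real script path with no warning. `FILTER_SANITIZE_STRING` is also deprecated as of PHP 8.1, so a later port should replace it with `htmlspecialchars()` or an explicit allow-list of path characters and keep the explicit failure path.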