fix of CVE HTB23175
peter-mw committed Sep 26, 2013
1 parent 0b022bb commit 9177d13
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion src/Microweber/Utils/Backup.php
Expand Up @@ -1496,7 +1496,7 @@ function download($params)
if (!is_admin()) {
error("must be admin");
}
;

ini_set('memory_limit', '512M');
set_time_limit(0);

Expand All @@ -1507,6 +1507,8 @@ function download($params)
} else if (isset($_GET['file'])) {
$id = $params['file'];
}
$id = str_replace('..', '', $id);


// Check if the file has needed args
if ($id == NULL) {
Expand All @@ -1519,6 +1521,7 @@ function download($params)
// Generate filename and set error variables

$filename = $here . $id;
$filename = str_replace('..','',$filename);
if (!is_file($filename)) {
return array('error' => "You have not provided a existising filename to download.");

Expand All @@ -1542,6 +1545,10 @@ function download($params)

function readfile_chunked($filename, $retbytes = TRUE)
{


$filename = str_replace('..','',$filename);

$chunk_size = 1024 * 1024;
$buffer = "";
$cnt = 0;
Expand All @@ -1550,6 +1557,10 @@ function readfile_chunked($filename, $retbytes = TRUE)
if ($handle === false) {
return false;
}




while (!feof($handle)) {
$buffer = fread($handle, $chunk_size);
echo $buffer;
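Review bot: The `str_replace('..', '', …)` calls added to download (on `$id` and again on `$filename`) and to readfile_chunked are a single-pass blacklist rather than a canonicalisation, so a value that still resolves outside the backup directory after one pass is not rejected, while a legitimate filename that merely contains `..` (e.g. `a..b.zip`) is silently rewritten. The dependable check is to resolve both `$here` and the joined path with realpath() and refuse anything whose resolved form does not lie under the resolved base, as sketched below; once download enforces that, the copy inside readfile_chunked is redundant and can be dropped. download() and the assignment of `$here` begin outside the hunk, so I am assuming `$here` is the intended backup directory; if it can be influenced by the caller the same confinement must be applied to it.
```php
$filename = $here . $id;
// Resolve symlinks and dot segments, then require the result to stay inside the backup directory.
$base = realpath($here);
$real = realpath($filename);
if ($base === false || $real === false || strpos($real, rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0) {
    return array('error' => "You have not provided a existising filename to download.");
}
// … unchanged: is_file() check and the rest of download …
```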

2 comments on commit 9177d13

@foxx foxx commented on 9177d13 Oct 16, 2013


lol...

@peter-mw
Member Author


it happens :)
