
fix of CVE HTB23175

peter-mw committed Sep 26, 2013
1 parent 0b022bb commit 9177d134960c24cb642d5cf3b42a1fba286219cc
Showing with 12 additions and 1 deletion.
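--- a/src/Microweber/Utils/Backup.php
+++ b/src/Microweber/Utils/Backup.php
@@ -1496,7 +1496,7 @@ function download($params)
 if (!is_admin()) {
 error("must be admin");
 }
-;
+
 ini_set('memory_limit', '512M');
 set_time_limit(0);
@@ -1507,6 +1507,8 @@ function download($params)
 } else if (isset($_GET['file'])) {
 $id = $params['file'];
 }
+$id = str_replace('..', '', $id);
+
 // Check if the file has needed args
 if ($id == NULL) {
@@ -1519,6 +1521,7 @@ function download($params)
 // Generate filename and set error variables
 $filename = $here . $id;
+$filename = str_replace('..','',$filename);
 if (!is_file($filename)) {
 return array('error' => "You have not provided a existising filename to download.");
@@ -1542,6 +1545,10 @@ function download($params)
 function readfile_chunked($filename, $retbytes = TRUE)
 {
+
+
+$filename = str_replace('..','',$filename);
+
 $chunk_size = 1024 * 1024;
 $buffer = "";
 $cnt = 0;
@@ -1550,6 +1557,10 @@ function readfile_chunked($filename, $retbytes = TRUE)
 if ($handle === false) {
 return false;
 }
+
+
+
+
 while (!feof($handle)) {
 $buffer = fread($handle, $chunk_size);
 echo $buffer;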
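Review bot: Stripping `..` from `$id` (second hunk) and again from `$filename` (third hunk) is a blacklist substitution rather than a containment check, so the download handler is only as safe as the one pattern it removes; the robust form is to resolve the final path with `realpath()` and reject it unless it lies under the backup directory, as sketched below. Repeating the same substitution inside `readfile_chunked` (fourth hunk) rewrites a path after the caller has already validated it with `is_file`, which can make the checked file and the opened file differ, so the validation belongs in `download` alone and the helper should be left as a plain reader. In the second hunk the surviving context line `else if (isset($_GET['file'])) { $id = $params['file']; }` tests `$_GET` but reads `$params`, so `$id` may be undefined when only `$_GET` is set, and the loose `$id == NULL` check that follows also rejects a file literally named `0`; `if ($id === null || $id === '')` is the precise test. The bodies of `download` and `readfile_chunked` both continue outside the hunks, so the exact placement of the check depends on code not shown here.
```php
// … unchanged: $id resolved from $params / $_GET …
// Resolve the requested file and confirm it stays inside the backup
// directory instead of stripping '..' fragments from the input.
$base = realpath($here);
$filename = realpath($here . $id);
if ($base === false || $filename === false
    || strpos($filename, $base . DIRECTORY_SEPARATOR) !== 0
    || !is_file($filename)) {
    return array('error' => "You have not provided a existising filename to download.");
}
// … unchanged: response headers and readfile_chunked($filename) call …
```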

2 comments on commit 9177d13

foxx replied Oct 16, 2013

lol...


peter-mw replied Oct 17, 2013

it happens :)
