
Rename 'promiscuous' to 'dangerous'. Minor bugfixing for mnet.

commit bcfbd8cbdf90d2e5151c8c735f9e2f20e6c91c99 1 parent 304182d
donal72 authored
Showing with 14 additions and 8 deletions.
  1. +1 −1  admin/mnet/index.php
  2. +1 −1  mnet/lib.php
  3. +12 −6 mnet/xmlrpc/server.php
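--- a/admin/mnet/index.php
+++ b/admin/mnet/index.php
@@ -40,7 +40,7 @@
 /// If data submitted, process and store
 if (($form = data_submitted()) && confirm_sesskey()) {
 if (!empty($form->submit) && $form->submit == get_string('savechanges')) {
- if (in_array($form->mode, array("off", "strict", "promiscuous"))) {
+ if (in_array($form->mode, array("off", "strict", "dangerous"))) {
 if (set_config('mnet_dispatcher_mode', $form->mode)) {
 redirect('index.php', get_string('changessaved'));
 } else {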
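Review bot: Sites that already have `mnet_dispatcher_mode` stored as 'promiscuous' are not handled by this rename: no upgrade step is visible in the commit, so the stored value would match none of the three strings accepted here. The comparisons visible in mnet/lib.php and mnet/xmlrpc/server.php test for 'dangerous' only, so such a site would appear to drop to the restricted behaviour without any notice to the administrator. An explicit upgrade step such as `if ($CFG->mnet_dispatcher_mode == 'promiscuous') { set_config('mnet_dispatcher_mode', 'dangerous'); }`, or mapping the old value to 'strict' as the conservative choice, would make the transition deliberate. The form-handling block continues outside the hunk.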
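--- a/mnet/lib.php
+++ b/mnet/lib.php
@@ -407,7 +407,7 @@ function mnet_permit_rpc_call($includefile, $functionname, $class=false) {
 $permissionobj = record_exists_sql($sql);
- if ($permissionobj === false) {
+ if ($permissionobj === false && 'dangerous' != $CFG->mnet_dispatcher_mode) {
 return RPC_FORBIDDENMETHOD;
 }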
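Review bot: With the added `'dangerous' != $CFG->mnet_dispatcher_mode` clause, a function that has no permission record is no longer rejected in dangerous mode, and that holds for every caller of mnet_permit_rpc_call, not only the dispatcher's DANGEROUS branch. Because this widens what a remote peer may invoke, the condition deserves a comment stating it, e.g. `// dangerous mode: functions without a permission record are allowed`, and an audit-log entry whenever the bypass is taken. The hunk does not show a `global $CFG;` declaration; if the function lacks one, `$CFG->mnet_dispatcher_mode` is unset inside it, the comparison is always true and the original check stays in force, so confirm which behaviour is actually in effect. The function body starts and ends outside the hunk.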
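--- a/mnet/xmlrpc/server.php
+++ b/mnet/xmlrpc/server.php
@@ -360,7 +360,7 @@ function mnet_server_dispatch($payload) {
 exit(mnet_server_fault(713, 'nosuchfunction'));
 }
- if(preg_match("/^system./", $method)) {
+ if(preg_match("/^system\./", $method)) {
 $callstack = explode('.', $method);
 } else {
 $callstack = explode('/', $method);
@@ -462,7 +462,7 @@ function mnet_server_dispatch($payload) {
 }
 ////////////////////////////////////// STRICT MOD/*
- } elseif ($callstack[0] == 'mod' || 'promiscuous' == $CFG->mnet_dispatcher_mode) {
+ } elseif ($callstack[0] == 'mod' || 'dangerous' == $CFG->mnet_dispatcher_mode) {
 list($base, $module, $filename, $functionname) = $callstack;
 ////////////////////////////////////// STRICT MOD/*
@@ -472,16 +472,22 @@ function mnet_server_dispatch($payload) {
 $response = mnet_server_prepare_response($response);
 echo $response;
- ////////////////////////////////////// PROMISCUOUS
- } elseif ('promiscuous' == $CFG->mnet_dispatcher_mode && $MNET_REMOTE_CLIENT->plaintext_is_ok()) {
+ ////////////////////////////////////// DANGEROUS
+ } elseif ('dangerous' == $CFG->mnet_dispatcher_mode && $MNET_REMOTE_CLIENT->plaintext_is_ok()) {
 $functionname = array_pop($callstack);
- $filename = array_pop($callstack);
 if ($MNET_REMOTE_CLIENT->plaintext_is_ok()) {
+ $filename = clean_param(implode('/',$callstack), PARAM_PATH);
+ if (0 == preg_match("/php$/", $filename)) {
+ // Filename doesn't end in 'php'; possible attack?
+ // Generate error response - unable to locate function
+ exit(mnet_server_fault(7012, 'nosuchfunction'));
+ }
+
 // The call stack holds the path to any include file
- $includefile = $CFG->dirroot.'/'.implode('/',$callstack).'/'.$filename.'.php';
+ $includefile = $CFG->dirroot.'/'.$filename;
 $response = mnet_server_invoke_method($includefile, $functionname, $method, $payload);
 echo $response;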
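Review bot: The new suffix test `preg_match("/php$/", $filename)` in the DANGEROUS branch accepts any path that merely ends in the letters 'php' with no dot required, and `$` also matches before a trailing newline; `if (!preg_match('/\.php\z/', $filename))` is the tighter form. The include path then relies entirely on `clean_param(..., PARAM_PATH)` to remove traversal sequences, so comparing `realpath($includefile)` against `$CFG->dirroot` before the invoke call would be a worthwhile second guard. Separately, the earlier condition `$callstack[0] == 'mod' || 'dangerous' == $CFG->mnet_dispatcher_mode` is true for every call in dangerous mode, so if both `elseif`s belong to the same chain (the lines between the hunks are not shown) this validated branch is never reached and the `list(...)` assignment handles those calls instead. The inner `plaintext_is_ok()` test repeats the one already in the `elseif` condition. mnet_server_dispatch starts and ends outside the hunks.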