Rename 'promiscuous' to 'dangerous'. Minor bugfixing for mnet.

moodle · Aug 2, 2007 · bcfbd8c · bcfbd8c
1 parent 304182d
commit bcfbd8c
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/admin/mnet/index.php b/admin/mnet/index.php
@@ -40,7 +40,7 @@
 /// If data submitted, process and store
     if (($form = data_submitted()) && confirm_sesskey()) {
         if (!empty($form->submit) && $form->submit == get_string('savechanges')) {
-            if (in_array($form->mode, array("off", "strict", "promiscuous"))) {
+            if (in_array($form->mode, array("off", "strict", "dangerous"))) {
                 if (set_config('mnet_dispatcher_mode', $form->mode)) {
                     redirect('index.php', get_string('changessaved'));
                 } else {

diff --git a/mnet/lib.php b/mnet/lib.php
@@ -407,7 +407,7 @@ function mnet_permit_rpc_call($includefile, $functionname, $class=false) {
 
     $permissionobj = record_exists_sql($sql);
 
-    if ($permissionobj === false) {
+    if ($permissionobj === false && 'dangerous' != $CFG->mnet_dispatcher_mode) {
         return RPC_FORBIDDENMETHOD;
     }
 

diff --git a/mnet/xmlrpc/server.php b/mnet/xmlrpc/server.php
@@ -360,7 +360,7 @@ function mnet_server_dispatch($payload) {
         exit(mnet_server_fault(713, 'nosuchfunction'));
     }
 
-    if(preg_match("/^system./", $method)) {
+    if(preg_match("/^system\./", $method)) {
         $callstack  = explode('.', $method);
     } else {
         $callstack  = explode('/', $method);
@@ -462,7 +462,7 @@ function mnet_server_dispatch($payload) {
         }
 
     ////////////////////////////////////// STRICT MOD/*
-    } elseif ($callstack[0] == 'mod' || 'promiscuous' == $CFG->mnet_dispatcher_mode) {
+    } elseif ($callstack[0] == 'mod' || 'dangerous' == $CFG->mnet_dispatcher_mode) {
         list($base, $module, $filename, $functionname) = $callstack;
 
     ////////////////////////////////////// STRICT MOD/*
@@ -472,16 +472,22 @@ function mnet_server_dispatch($payload) {
             $response = mnet_server_prepare_response($response);
             echo $response;
 
-    ////////////////////////////////////// PROMISCUOUS
-        } elseif ('promiscuous' == $CFG->mnet_dispatcher_mode && $MNET_REMOTE_CLIENT->plaintext_is_ok()) {
+    ////////////////////////////////////// DANGEROUS
+        } elseif ('dangerous' == $CFG->mnet_dispatcher_mode && $MNET_REMOTE_CLIENT->plaintext_is_ok()) {
 
             $functionname = array_pop($callstack);
-            $filename     = array_pop($callstack);
 
             if ($MNET_REMOTE_CLIENT->plaintext_is_ok()) {
 
+                $filename = clean_param(implode('/',$callstack), PARAM_PATH);
+                if (0 == preg_match("/php$/", $filename)) {
+                    // Filename doesn't end in 'php'; possible attack?
+                    // Generate error response - unable to locate function
+                    exit(mnet_server_fault(7012, 'nosuchfunction'));
+                } 
+
                 // The call stack holds the path to any include file
-                $includefile = $CFG->dirroot.'/'.implode('/',$callstack).'/'.$filename.'.php';
+                $includefile = $CFG->dirroot.'/'.$filename;
 
                 $response = mnet_server_invoke_method($includefile, $functionname, $method, $payload);
                 echo $response;