
Fix for Bug 880699

restorer.php security patch
jwhonce committed Nov 29, 2012
1 parent f5d91bb commit 32564a0839b1517d762afab2013c26c0959bac00
Showing with 12 additions and 6 deletions.
  1. +12 −6 node-util/www/html/restorer.php
@@ -1,10 +1,16 @@
<?php
list($blank, $uuid, $blank) = split("/", $_SERVER["PATH_INFO"]);
-shell_exec("/usr/sbin/oo-restorer-wrapper.sh $uuid");
-
-sleep(2);
-$url=str_replace("/$uuid", "", $_SERVER["PATH_INFO"]);
-header("Location: $url");
-
+if (preg_match('/[0-9a-fA-F]{32}/', $uuid)) {
+ shell_exec("/usr/sbin/oo-restorer-wrapper.sh $uuid");
+ sleep(2);
+ $host = $_SERVER['HTTP_HOST'];
+ $proto = "http" . ( isset($_SERVER['HTTPS']) ? 's' : '' ) . '://';
+ $url=str_replace("/$uuid", "", $_SERVER["PATH_INFO"]);
+ header("Location: $proto$host$url");
+} else {
+ // someone is trying to attack
+ error_log("Invalid uuid $uuid given to restorer.php");
+ header('HTTP/1.0 403 Forbidden');
+}
?>
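Review bot: The pattern on the `if (preg_match('/[0-9a-fA-F]{32}/', $uuid))` line is unanchored, so any PATH_INFO segment that merely contains 32 hex characters passes, and the surrounding bytes still reach the unquoted interpolation in `shell_exec(...)` on the next line. Anchor the pattern and quote the argument anyway: `if (preg_match('/^[0-9a-fA-F]{32}\z/', $uuid)) {` and `shell_exec("/usr/sbin/oo-restorer-wrapper.sh " . escapeshellarg($uuid));`. The `Location:` header is assembled from `$_SERVER['HTTP_HOST']`, which is taken from the request, so the redirect target is client-influenced; if the expected host is known to the deployment, a configured value is safer than echoing the header back. `split()` is deprecated and `explode('/', $_SERVER['PATH_INFO'])` does the same job without a regex; the two `$blank` assignments are unused and could be dropped.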
