Bug 6628 : Stopping a potential vulnerability
Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
- verified help pages still work
- verified /cgi-bin/koha/help.pl?url=koha/../catalogue/advsearch.pl does not
show the template file (did work on master, not after applying patch)
- verified cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl does not work (didn't work on master or after applying patch)

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The potential vulnerability would allow anyone to see the content of any .tt file, and .tt only. Was much less critical than the vulnerability for 6629, but it's worth fixing!
ranginui authored and PaulPoulain committed Nov 28, 2011
1 parent 2989e12 commit 8664d19
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion help.pl
Expand Up @@ -32,7 +32,9 @@
$refer = $query->referer() if !$refer || $refer eq 'undefined';

$refer =~ /koha\/(.*)\.pl/;
my $from = "help/$1.tt";
my $file = $1;
$file =~ s/[^a-zA-Z0-9_\-\/]*//g;
my $from = "help/$file.tt";

my $template = C4::Templates::gettemplate($from, 'intranet', $query);
$template->param( referer => $refer );
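
Review bot: `$1` is copied into `$file` right after `$refer =~ /koha\/(.*)\.pl/;` without checking that the match succeeded, so a referer or `url` value with no `koha/...pl` segment leaves `$file` undefined or holding a capture from an earlier match. Wrap the assignment in `if ( $refer =~ /koha\/(.*)\.pl/ ) { ... }` and fall back to a fixed default help template otherwise. The substitution `s/[^a-zA-Z0-9_\-\/]*//g` also silently strips disallowed characters instead of rejecting the request: the test input `koha/../catalogue/advsearch.pl` from the commit message ends up as `/catalogue/advsearch`, which is still handed to `gettemplate` with a leading slash. Since `/` stays in the allowed set, it would be safer to refuse any capture that does not fully match an allow-list pattern such as `^[a-zA-Z0-9_\-]+(?:\/[a-zA-Z0-9_\-]+)*$`. The `*` quantifier in the character class substitution is unnecessary as well, because it lets the pattern match the empty string at every position; `+` expresses the intent. A short comment above these lines stating why the value is filtered (Bug 6628, template path built from request data) would help later readers.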