Fix for URL injection vulnerability (Bug #1307966)

commit 539cd47824ec6b03b44f9f7c5af8a1e60df0458b 1 parent 30233b8
Thomas B. authored September 29, 2005
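--- a/index.php
+++ b/index.php
@@ -267,7 +267,19 @@
  }
 
 
+// only allow these templates to be included
+$valid_tasks = array('mail','settings','addressbook');
+
 // parse main template
-parse_template($_task);
+if (in_array($_task, $valid_tasks))
+  parse_template($_task);
+
 
+// if we arrive here, something went wrong
+raise_error(array('code' => 404,
+                  'type' => 'php',
+                  'line' => __LINE__,
+                  'file' => __FILE__,
+                  'message' => "Invalid request"), TRUE, TRUE);
+                      
 ?>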
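Review bot: The allow-list check at `if (in_array($_task, $valid_tasks))` uses loose comparison; pass the strict flag, `if (in_array($_task, $valid_tasks, true))`, so that only an exact string from the list passes — with the loose form a non-string `$_task` (a boolean `true`, for instance) compares equal to a list entry, and where `$_task` is assigned is not visible in this hunk. The fall-through to `raise_error(...)` after the `if` relies on `parse_template()` never returning for a valid task; that is not shown here, and if it can return, valid requests would also end in the 404, so an explicit `exit;` after the call, or wrapping `raise_error` in an `else` branch, would make the intent independent of that behaviour. The `'file' => __FILE__` entry hands the server-side path to the error handler; whether it reaches the client depends on `raise_error`, which is outside this hunk.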
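--- a/program/steps/error.inc
+++ b/program/steps/error.inc
@@ -52,7 +52,7 @@ else if ($ERROR_CODE==401)
 else if ($ERROR_CODE==404)
  {
  $__error_title = "REQUEST FAILED/FILE NOT FOUND";
-  $request_url = $GLOBALS['HTTP_HOST'].$GLOBALS['REQUEST_URI'];
+  $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
 $__error_text  = <<<EOF
 The requested page was not found!<br />
 Please contact your server-administrator.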
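Review bot: `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']` are request-supplied values, so the new `$request_url` holds client-controlled text; if it is interpolated into the HTML heredoc `$__error_text` that starts on the next context line (the heredoc continues past the end of this hunk), it should be escaped at assignment, `$request_url = htmlspecialchars($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], ENT_QUOTES);`. The move from `$GLOBALS` to `$_SERVER` itself is the right source for these values; the remark is only about what happens to the value afterwards. The `else if` chain this hunk belongs to begins and ends outside the hunk.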
