
fix security issue

mvisat committed Nov 30, 2019
1 parent 4a5f40e commit 5c7a6b0e10504f08e2f50655541b767e276ce749
Showing with 15 additions and 13 deletions.
  1. +4 −4 create.php
  2. +11 −9 pluginconfig.php
@@ -4,14 +4,14 @@
require(__DIR__ . '/check_permission.php');

if(isset($_POST["username"]) or isset($_POST["password"])){
$tmpusername = strip_tags($_POST["username"]);
$tmpusername = htmlspecialchars($tmpusername, ENT_QUOTES);
// only allow alphanumeric, underscore, dot, and dash for username
$tmpusername = preg_replace("/[^a-zA-Z0-9_.\-]+/", "", $_POST["username"]);
$tmppassword = md5($_POST["password"]);
$data = '$username = "'.$tmpusername.'"; $password = \''.$tmppassword.'\';'.PHP_EOL;
$data = '$username = \''.$tmpusername.'\'; $password = \''.$tmppassword.'\';'.PHP_EOL;
$fp = fopen(__DIR__ . '/pluginconfig.php', 'a');
fwrite($fp, $data);
unlink(__DIR__ . "/new.php");
unlink(__DIR__ . "/create.php");
header("Location: imgbrowser.php");
}
}
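Review bot: The guard on the `if(isset($_POST["username"]) or isset($_POST["password"]))` line accepts a request carrying only one of the two fields, so the other index is undefined when `md5()` and the write run, and after the new allowlist `preg_replace` an input made entirely of rejected characters collapses to `''` and is still appended to pluginconfig.php; tighten it to `if(isset($_POST["username"], $_POST["password"])){` and reject `$tmpusername === ''` before the `fopen`. The `md5($_POST["password"])` line the hunk leaves in place stores an unsalted, fast hash; `password_hash($_POST["password"], PASSWORD_DEFAULT)` with `password_verify()` on the login side would be the standard replacement, assuming the comparison code (not in this hunk) can be changed in step. The `fopen` return value is never checked and the handle is not closed, so a failed open silently loses the credentials while `create.php` is still unlinked; `file_put_contents(__DIR__ . '/pluginconfig.php', $data, FILE_APPEND)` with a `=== false` check before the `unlink` calls covers both. `header("Location: imgbrowser.php");` should be followed by `exit;` so nothing after the redirect keeps executing.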

@@ -22,19 +22,21 @@
}

if(isset($_SESSION['username'])){

if(isset($_POST["newpath"])){
$newpath = filter_input(INPUT_POST, 'newpath', FILTER_SANITIZE_STRING);
$options = array("flags" => FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK);
$newpath = filter_input(INPUT_POST, 'newpath', FILTER_SANITIZE_STRING, $options);
$newpath = addslashes($newpath);
$root = $_SERVER['DOCUMENT_ROOT'];
$data = '
$useruploadfolder = "'.$newpath.'";
$useruploadfolder = \''.$newpath.'\';
$useruploadpath = $usersiteroot."$useruploadfolder/";
$foldershistory[] = "'.$newpath.'";
$foldershistory[] = \''.$newpath.'\';
'.PHP_EOL;
$fp = fopen(__DIR__ . '/pluginconfig.php', 'a');
fwrite($fp, $data);
}

if(isset($_POST["extension"])){
$extension_setting = filter_input(INPUT_POST, 'extension', FILTER_SANITIZE_STRING);
if($extension_setting == "no" or $extension_setting == "yes"){
@@ -51,7 +53,7 @@
</script>
';
}
}
}
if(isset($_GET["file_style"])){
$file_style = filter_input(INPUT_GET, 'file_style', FILTER_SANITIZE_STRING);
if($file_style == "block" or $file_style == "list"){
@@ -69,8 +71,8 @@
</script>
';
}
}
}

}

// Version of the plugin
@@ -84,7 +86,7 @@
$password = "";

// ststem icons
$sy_icons = array(
$sy_icons = array(
"cd-ico-browser.ico",
"cd-icon-block.png",
"cd-icon-browser.png",
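Review bot: `addslashes()` on the new `$newpath` line makes the generated single-quoted literal syntactically safe, but the value is then used as a directory name in `$useruploadpath` with no check on its content, so `..` segments, slashes or an absolute path are written into the config unchanged; the first hunk of this file should validate it as a single path component before building `$data`, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $newpath)) { $newpath = ''; }` (or redirect and stop), which mirrors the username allowlist the same commit adds to create.php. `addslashes()` also escapes `"`, which is not an escape sequence inside a single-quoted PHP string, so a double quote in the input is stored with a literal backslash; the anchored allowlist makes the escaping unnecessary. `FILTER_SANITIZE_STRING`, used here and on the `extension` and `file_style` lines, is deprecated since PHP 8.1, so this sanitisation disappears on upgrade; reading the raw value and validating it with the anchored pattern removes the dependency. The `fopen` result is unchecked and the handle is never closed; `file_put_contents(__DIR__ . '/pluginconfig.php', $data, FILE_APPEND)` with a `=== false` check does both. The remaining hunks of this file (the paired `}` and `$sy_icons = array(` lines) look like whitespace-only changes and need nothing.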
