Hi guys, you might want to do some basic checks/cleaning on your POST vars in the server.php file. As it stands right now, an attacker could write an arbitrary payload to any path that the php/server process has write access to. This is somewhat mitigated by the limited file extensions, I guess, but it still seems like a pretty bad idea. Here's a really basic cleaning function that could be run on the package_name and package_version fields:
```php
// Strip whitespace, cap the length and replace every character outside a
// conservative allow-list, so separators like "/" and ".." cannot reach a path.
function clean( $input, $max_length=255 ) {
    $input = trim($input);
    $input = substr($input, 0, $max_length);
    $input = preg_replace("/[^a-zA-Z0-9_-]/", "_", $input);
    return $input;
}
```
More could be done, and it might be smart to protect the stacktrace field as well, but it's a starting point. Modified file attached.
Original issue reported on code.google.com by lav...@gmail.com on 17 Jan 2010 at 7:23
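One way to apply this in server.php, as an added example that is neither the reporter's attachment nor the project's own code: the field names follow the issue text, while the report directory, the file naming scheme and the PHP 7 type hints are assumptions.

```php
<?php
// Added example (not server.php's code): sanitise the package_name and
// package_version POST fields, then prove the resulting path stays inside
// the report directory before anything is written.

function clean_field(string $input, int $maxLength = 255): string {
    $input = trim($input);
    $input = substr($input, 0, $maxLength);
    // Everything outside the allow-list becomes "_", so "/" and ".." can never
    // survive into a path component.
    $input = preg_replace('/[^a-zA-Z0-9_-]/', '_', $input);
    // An empty or all-underscore result means the client sent nothing usable.
    if ($input === '' || trim($input, '_') === '') {
        throw new InvalidArgumentException('field is empty after cleaning');
    }
    return $input;
}

// Builds the report path under $reportDir (assumed layout) and refuses any
// result that does not resolve directly underneath it.
function report_path(string $reportDir, string $name, string $version): string {
    $base = realpath($reportDir);
    if ($base === false) {
        throw new RuntimeException('report directory does not exist');
    }
    $file = $base . DIRECTORY_SEPARATOR
          . clean_field($name) . '-' . clean_field($version) . '.stacktrace';
    // Belt and braces: the allow-list already blocks traversal, but check the
    // resolved parent directory anyway in case the naming scheme changes later.
    if (realpath(dirname($file)) !== $base) {
        throw new RuntimeException('refusing to write outside the report directory');
    }
    return $file;
}

// Constructed hostile input, standing in for $_POST: the traversal attempt
// collapses into a flat file name inside the report directory.
$request = ['package_name' => '../../etc/passwd', 'package_version' => '1.0'];
$path = report_path(sys_get_temp_dir(), $request['package_name'], $request['package_version']);
echo $path, PHP_EOL;

// The stacktrace body is free text; cap its size (assumed limit) rather than
// trusting the client to keep it small.
$trace = substr($_POST['stacktrace'] ?? '', 0, 64 * 1024);
file_put_contents($path, $trace, FILE_APPEND);
```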
Has anybody made the same effort as me to build a server backend to store and manage the stacktraces in a DB and make them available in a nice little website?
Original comment by andi.sch...@gmail.com on 30 Jan 2013 at 9:53