
v3.0.1 - Improve security.

-v3.0.1.
-Improve security by adding a directory/user check.
-commonCore will not run if the user attempts to access another user's directory.
-There are currently no features to allow a user to view/modify another user's data, but this extra check will help ensure that even through some crazy hacker miracle a maliciously crafted request should never result in compromise.
zelon88 committed Dec 11, 2018
1 parent 61d35a6 commit e60f4ea96081c1e7850a10cfdbd6bbe06a292ed5
Showing with 13 additions and 3 deletions.
  1. +9 −0 CHANGELOG.txt
  2. +1 −0 commonCore.php
  3. +2 −2 compatibilityCore.php
  4. +1 −1 versionInfo.php
@@ -1,3 +1,12 @@
COMMIT 12/10/2018
v3.0.1 - Improve security.

-v3.0.1.
-Improve security by adding a directory/user check.
-commonCore will not run if the user attempts to access another users directory.
-There is currently no features to allow a user to view/modify another users data, but this extra check will help ensure that even through some crazy hacker miracle a malicious crafted request should never result in compromise.

----------
COMMIT 11/18/2018
v3.0 - Improve sanitization.

@@ -182,6 +182,7 @@
// / The following code defines the user directories and adds them to the array of RequiredDirs.
$CloudTmpDir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudTempDir.$UserDirPOST)))));
$CloudUsrDir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudDir.$UserDirPOST)))));
if (strpos($CloudTmpDir, $UserID) == FALSE or strpos($CloudUsrDir, $UserID) == FALSE) die('ERROR!!! HRC2CommonCore185, There was a critical security fault on '.$Time.'!'.PHP_EOL);
array_push($RequiredDirs1, $CloudTmpDir, $CloudUsrDir);
// / -----------------------------------------------------------------------------------
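Review bot: the new `strpos(...) == FALSE` test in commonCore.php is a substring match with a loose comparison, not an ownership check. It passes whenever `$UserID` occurs anywhere in `$CloudTmpDir` and `$CloudUsrDir`, including inside the base directory name or inside a longer ID belonging to a different user, and `== FALSE` also treats a match at offset 0 as a failure because `strpos` returns 0 there. Suggest building the expected per-user paths from `$CloudTempDir` and `$CloudDir` plus `$UserID` and requiring the sanitized paths to equal them (or to start with them followed by a separator), and using `=== false` wherever `strpos` remains. The hunk also does not show where `$UserDirPOST` comes from; a one-line comment stating whether it is request-supplied would document what this check is guarding.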
@@ -2,8 +2,8 @@
/*
HRCLOUD2 VERSION INFORMATION
THIS VERSION : v3.0
WRITTEN ON : 11/18/2018
THIS VERSION : v3.0.1
WRITTEN ON : 12/10/2018
*/
// / -----------------------------------------------------------------------------------
@@ -1,4 +1,4 @@
<?php
// / This file contains the current HRCloud2 version for auto-update purposes.
// /
$Version = 'v3.0';
$Version = 'v3.0.1';
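Review bot: the version string is maintained by hand in two places, the header comment in compatibilityCore.php and `$Version` here in versionInfo.php, and both had to be edited for this release. Since the comment in this file says it drives auto-update, consider making `$Version` the single source and having the compatibilityCore.php header refer to it, so a security release cannot ship with the two values out of step.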
