
Commit a4a5aee

committed
Don't let web skin name ../../../../ access files outside of usual skins directories.
Thanks to Jeriko One <jeriko.one@gmx.us> for finding and reporting this.
1 parent d22fef8 commit a4a5aee


1 file changed

+5
-3
lines changed


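--- a/src/WebModules.cpp
+++ b/src/WebModules.cpp
@@ -557,13 +557,15 @@ CWebSock::EPageReqResult CWebSock::PrintTemplate(const CString& sPageName,
 }
 
 CString CWebSock::GetSkinPath(const CString& sSkinName) {
-CString sRet = CZNC::Get().GetZNCPath() + "/webskins/" + sSkinName;
+const CString sSkin = sSkinName.Replace_n("/", "_").Replace_n(".", "_");
+
+CString sRet = CZNC::Get().GetZNCPath() + "/webskins/" + sSkin;
 
 if (!CFile::IsDir(sRet)) {
-sRet = CZNC::Get().GetCurPath() + "/webskins/" + sSkinName;
+sRet = CZNC::Get().GetCurPath() + "/webskins/" + sSkin;
 
 if (!CFile::IsDir(sRet)) {
-sRet = CString(_SKINDIR_) + "/" + sSkinName;
+sRet = CString(_SKINDIR_) + "/" + sSkin;
 }
 }
 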
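Review bot: The new `sSkin` line in GetSkinPath is a two-character denylist with no comment explaining it, so a later cleanup could remove it without realising it is the path-traversal guard; I would add `// Skin name may come from user settings: neutralise path separators and dots so the result stays under a webskins directory.` above it. Because every `.` is rewritten, an installed skin whose directory name contains a dot can no longer be selected, and distinct names (for example `a.b` and `a_b`) now resolve to the same directory; checking the name against an allowlist of characters and falling back to the default skin on mismatch would avoid both, if that fits how callers treat a missing skin. Backslashes are left untouched, which probably only matters on builds where `\` acts as a path separator. The function body continues past the end of the hunk, and any other code that builds paths from the skin name is not visible here and may need the same treatment.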
