Don't let web skin name ../../../../ access files outside of usual skins directories.

Thanks to Jeriko One <jeriko.one@gmx.us> for finding and reporting this.
DarthGandalf committed Jul 14, 2018
1 parent d22fef8 commit a4a5aee
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions src/WebModules.cpp
Expand Up @@ -557,13 +557,15 @@ CWebSock::EPageReqResult CWebSock::PrintTemplate(const CString& sPageName,
}

CString CWebSock::GetSkinPath(const CString& sSkinName) {
CString sRet = CZNC::Get().GetZNCPath() + "/webskins/" + sSkinName;
const CString sSkin = sSkinName.Replace_n("/", "_").Replace_n(".", "_");

CString sRet = CZNC::Get().GetZNCPath() + "/webskins/" + sSkin;

if (!CFile::IsDir(sRet)) {
sRet = CZNC::Get().GetCurPath() + "/webskins/" + sSkinName;
sRet = CZNC::Get().GetCurPath() + "/webskins/" + sSkin;

if (!CFile::IsDir(sRet)) {
sRet = CString(_SKINDIR_) + "/" + sSkinName;
sRet = CString(_SKINDIR_) + "/" + sSkin;
}
}
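
Review bot: The blanket `Replace_n(".", "_")` on the new `sSkin` line rewrites every dot in the name, not only `.` and `..` path components, so a skin whose directory name legitimately contains a dot can no longer be resolved, and distinct names such as `a.b` and `a_b` now map to the same directory. Since `/` is already neutralised, it would be enough to refuse a name that is exactly `.` or `..` (or to reject any name containing `/` and fall through to the default skin) instead of silently rewriting it. An empty `sSkinName` still produces `.../webskins/` itself, which passes `CFile::IsDir` whenever that directory exists, so an explicit empty check belongs here too. A one-line comment above `sSkin` stating that the name must stay a single path component under `webskins` would also help, because nothing in `GetSkinPath` currently explains why the substitution is there.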
