Validate backup and fragment files. Don't allow traversal.

git-svn-id: http://svn.automattic.com/wordpress/trunk@4095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-08-15 01:07:51 +00:00
parent e36831ae8a
commit 6ba1e4dd56
1 changed files with 14 additions and 0 deletions

View File

@ -71,6 +71,7 @@ class wpdbBackup {
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
$this->backup_file = $_GET['backup'];
$this->validate_file($this->backup_file);
switch($via) {
case 'smtp':
@ -97,6 +98,7 @@ class wpdbBackup {
}
if (isset($_GET['fragment'] )) {
list($table, $segment, $filename) = explode(':', $_GET['fragment']);
$this->validate_file($filename);
$this->backup_fragment($table, $segment, $filename);
}
@ -880,6 +882,18 @@ class wpdbBackup {
return;
} // wp_cron_db_backup
function validate_file($file) {
if (false !== strpos($file, '..'))
die(__("Cheatin' uh ?"));
if (false !== strpos($file, './'))
die(__("Cheatin' uh ?"));
if (':' == substr($file, 1, 1))
die(__("Cheatin' uh ?"));
}
}
function wpdbBackup_init() {