Validate backup and fragment files. Don't allow traversal.
git-svn-id: http://svn.automattic.com/wordpress/trunk@4095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
e36831ae8a
commit
6ba1e4dd56
@ -71,6 +71,7 @@ class wpdbBackup {
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
$this->backup_file = $_GET['backup'];
$this->backup_file = $_GET['backup'];
$this->validate_file($this->backup_file);
switch($via) {
switch($via) {
case 'smtp':
case 'smtp':
@ -97,6 +98,7 @@ class wpdbBackup {
}
}
if (isset($_GET['fragment'] )) {
if (isset($_GET['fragment'] )) {
list($table, $segment, $filename) = explode(':', $_GET['fragment']);
list($table, $segment, $filename) = explode(':', $_GET['fragment']);
$this->validate_file($filename);
$this->backup_fragment($table, $segment, $filename);
$this->backup_fragment($table, $segment, $filename);
}
}
@ -880,6 +882,18 @@ class wpdbBackup {
return;
return;
} // wp_cron_db_backup
} // wp_cron_db_backup
function validate_file($file) {
if (false !== strpos($file, '..'))
die(__("Cheatin' uh ?"));
if (false !== strpos($file, './'))
die(__("Cheatin' uh ?"));
if (':' == substr($file, 1, 1))
die(__("Cheatin' uh ?"));
}
}
}
function wpdbBackup_init() {
function wpdbBackup_init() {
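Review bot: The new validate_file() is a denylist, and it leaves absolute paths (`/etc/passwd`, or `\\host\share` on Windows) and NUL bytes untouched, so whether it actually stops traversal depends on how the callers later join the value onto a directory, which is outside these hunks. Since both `$_GET['backup']` and the fragment filename are meant to be bare backup file names, an allowlist is the safer shape: keep the `..` rejection and add `if ($file !== basename($file) || false !== strpos($file, "\0")) die(__("Cheatin' uh ?"));`, or require `preg_match('/^[\w.-]+$/', $file)` outright if the generated names only use those characters (I cannot confirm that from here). The `':' == substr($file, 1, 1)` test only catches a one-letter drive prefix, and the basename comparison covers that case on Windows builds where it matters. Note also that `$table` from the same `explode(':', $_GET['fragment'])` reaches backup_fragment() unvalidated; if it ends up in a query or a file name it deserves the same treatment.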