Validate backup and fragment files. Don't allow traversal.
git-svn-id: http://svn.automattic.com/wordpress/trunk@4095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
e36831ae8a
commit
6ba1e4dd56
|
@ -71,6 +71,7 @@ class wpdbBackup {
|
|||
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
|
||||
|
||||
$this->backup_file = $_GET['backup'];
|
||||
$this->validate_file($this->backup_file);
|
||||
|
||||
switch($via) {
|
||||
case 'smtp':
|
||||
|
@ -97,6 +98,7 @@ class wpdbBackup {
|
|||
}
|
||||
if (isset($_GET['fragment'] )) {
|
||||
list($table, $segment, $filename) = explode(':', $_GET['fragment']);
|
||||
$this->validate_file($filename);
|
||||
$this->backup_fragment($table, $segment, $filename);
|
||||
}
|
||||
|
||||
|
@ -880,6 +882,18 @@ class wpdbBackup {
|
|||
|
||||
return;
|
||||
} // wp_cron_db_backup
|
||||
|
||||
function validate_file($file) {
|
||||
if (false !== strpos($file, '..'))
|
||||
die(__("Cheatin' uh ?"));
|
||||
|
||||
if (false !== strpos($file, './'))
|
||||
die(__("Cheatin' uh ?"));
|
||||
|
||||
if (':' == substr($file, 1, 1))
|
||||
die(__("Cheatin' uh ?"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function wpdbBackup_init() {
|
||||
|
|
Loading…
Reference in New Issue