Validate backup and fragment files. Don't allow traversal.

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-09-25 01:48:48 +00:00
parent 906efe5418
commit e4070117c3
1 changed files with 15 additions and 1 deletions

View File

@ -69,7 +69,8 @@ class wpdbBackup {
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
$this->backup_file = $_GET['backup'];
$this->validate_file($this->backup_file);
switch($via) {
case 'smtp':
case 'email':
@ -95,6 +96,7 @@ class wpdbBackup {
}
if (isset($_GET['fragment'] )) {
list($table, $segment, $filename) = explode(':', $_GET['fragment']);
$this->validate_file($filename);
$this->backup_fragment($table, $segment, $filename);
}
@ -881,6 +883,18 @@ class wpdbBackup {
return;
} // wp_cron_db_backup
function validate_file($file) {
if (false !== strpos($file, '..'))
die(__("Cheatin' uh ?"));
if (false !== strpos($file, './'))
die(__("Cheatin' uh ?"));
if (':' == substr($file, 1, 1))
die(__("Cheatin' uh ?"));
}
}
function wpdbBackup_init() {