Changeset 1797
- Timestamp:
- 2008-03-25 14:01:57 (6 months ago)
- Location:
- FCKeditor/trunk/editor/filemanager/connectors
- Files:
-
- 12 modified
-
asp/io.asp (modified) (1 diff)
-
asp/upload.asp (modified) (1 diff)
-
cfm/cf5_connector.cfm (modified) (1 diff)
-
cfm/cf5_upload.cfm (modified) (1 diff)
-
cfm/cf_io.cfm (modified) (2 diffs)
-
cfm/cf_upload.cfm (modified) (1 diff)
-
lasso/connector.lasso (modified) (5 diffs)
-
lasso/upload.lasso (modified) (4 diffs)
-
perl/connector.cgi (modified) (1 diff)
-
perl/upload.cgi (modified) (1 diff)
-
php/io.php (modified) (1 diff)
-
py/fckutil.py (modified) (1 diff)
-
FCKeditor/trunk/editor/filemanager/connectors/asp/io.asp
r1791 r1797 173 173 174 174 ' Check for invalid folder paths (..) 175 If ( InStr( 1, sCurrentFolder, ".." ) <> 0 ) Then175 If ( InStr( 1, sCurrentFolder, ".." ) <> 0 OR InStr( 1, sCurrentFolder, "\" ) <> 0) Then 176 176 SendError 102, "" 177 177 End If -
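Review bot: The comment above the changed condition still reads `' Check for invalid folder paths (..)` although the test now rejects a backslash as well; the same stale comment sits above the equivalent checks in perl/connector.cgi, perl/upload.cgi, php/io.php and py/fckutil.py. I would reword it to `' Reject folder paths containing ".." or a backslash` and add a short reason for refusing the backslash (presumably because it is accepted as a path separator on Windows hosts). Since this is a substring deny-list, the comment should also state whether sCurrentFolder is already URL-decoded and normalised when it reaches this line; that is not visible here, as the enclosing function starts and ends outside the hunk.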
FCKeditor/trunk/editor/filemanager/connectors/asp/upload.asp
r1565 r1797 33 33 <% 34 34 35 Sub SendError( number, text ) 36 SendUploadResults number, "", "", text 37 End Sub 38 35 39 ' Check if this uploader has been enabled. 36 40 If ( ConfigIsEnabled = False ) Then -
FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm
r1565 r1797 130 130 <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />"> 131 131 132 <cfelseif find("..",url.currentFolder) >132 <cfelseif find("..",url.currentFolder) or find("\",url.currentFolder)> 133 133 134 134 <cfset xmlContent = "<Error number=""102"" />"> -
FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm
r1791 r1797 100 100 </cfif> 101 101 102 <cfif find( "..", url.currentFolder) >102 <cfif find( "..", url.currentFolder) or find( "\", url.currentFolder)> 103 103 <cfset SendUploadResults(102)> 104 104 <cfabort> -
FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_io.cfm
r1791 r1797 175 175 </cffunction> 176 176 177 <cffunction name="GetCurrentFolder" returntype="String" output=" false">177 <cffunction name="GetCurrentFolder" returntype="String" output="true"> 178 178 <cfset var sCurrentFolder = "/"> 179 179 … … 194 194 <cfset sCurrentFolder = rereplace( sCurrentFolder, "//+", "/", "all" )> 195 195 196 <cfif find( "..", sCurrentFolder) >196 <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) > 197 197 <cfset SendError( 102, "" )> 198 198 </cfif> -
FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_upload.cfm
r1565 r1797 34 34 <cfinclude template="cf_commands.cfm"> 35 35 36 <cffunction name="SendError" returntype="void" output="true"> 37 <cfargument name="number" required="true" type="Numeric"> 38 <cfargument name="text" required="true"> 39 <cfreturn SendUploadResults( "#ARGUMENTS.number#", "", "", "ARGUMENTS.text" )> 40 </cffunction> 41 36 42 <cfset REQUEST.Config = Config> 37 43 <cfif find( "/", getBaseTemplatePath() ) > -
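Review bot: In the new SendError function the last argument is the quoted literal `"ARGUMENTS.text"` with no pound signs, so the caller's message is never forwarded and the upload result would carry the text ARGUMENTS.text instead; it should be `"#ARGUMENTS.text#"` or the bare variable. The function is also declared `returntype="void"` but hands back the result of SendUploadResults through `<cfreturn>`, which may raise a return-type error if that call ever returns a value. `<cfset SendUploadResults( ARGUMENTS.number, "", "", ARGUMENTS.text )>` covers both points.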
FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso
r1791 r1797 56 56 ); 57 57 58 /*..................................................................... 59 Custom tag sets the HTML response. 60 */ 61 62 define_tag( 63 'htmlreply', 64 -namespace='fck_', 65 -priority='replace', 66 -required='uploadResult', 67 -optional='NewFilePath', 68 -type='string', 69 -description='Sets the HTML response for the FCKEditor File Upload feature.' 70 ); 71 $__html_reply__ = '\ 72 <script type="text/javascript"> 73 (function() 74 { 75 var d = document.domain ; 76 77 while ( true ) 78 { 79 // Test if we can access a parent property. 80 try 81 { 82 var test = window.top.opener.document.domain ; 83 break ; 84 } 85 catch( e ) {} 86 87 // Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ... 88 d = d.replace( /.*?(?:\\.|$)/, "" ) ; 89 90 if ( d.length == 0 ) 91 break ; // It was not able to detect the domain. 92 93 try 94 { 95 document.domain = d ; 96 } 97 catch (e) 98 { 99 break ; 100 } 101 } 102 })() ; 103 '; 104 if($uploadResult == '0' || $uploadResult == '201'); 105 $__html_reply__ = $__html_reply__ + '\ 106 window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\'); 107 </script> 108 '; 109 else; 110 $__html_reply__ = $__html_reply__ + '\ 111 window.parent.OnUploadCompleted(' + $uploadResult + '); 112 </script> 113 '; 114 /if; 115 /define_tag; 116 58 117 59 118 /*..................................................................... 
… … 64 123 var('currentFolderURL' = $ServerPath 65 124 + $config->find('Subdirectories')->find(action_param('Type')) 66 + action_param('CurrentFolder')125 + $CurrentFolder 67 126 ); 68 127 69 128 if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\')); 129 if($Command == 'FileUpload'); 130 $responseType = 'html'; 131 $uploadResult = '102'; 132 fck_htmlreply( 133 -uploadResult=$uploadResult 134 ); 135 else; 136 $errorNumber = 102; 137 $commandData += '<Error number="' + $errorNumber + '" />\n'; 138 /if; 139 else; 140 70 141 /*..................................................................... 71 142 Build the appropriate response per the 'Command' parameter. Wrap the … … 150 221 Was a file actually uploaded? 151 222 */ 152 file_uploads->size ? $NewFile = file_uploads->get(1) | $uploadResult = '202'; 153 223 if(file_uploads->size); 224 $NewFile = file_uploads->get(1); 225 else; 226 $uploadResult = '202'; 227 /if; 228 154 229 if($uploadResult == '0'); 155 230 /*..................................................... … … 195 270 $OrigFilePath != $NewFilePath ? $uploadResult = 201; 196 271 case; 197 $uploadResult = '202';272 $uploadResult = file_currenterror( -errorcode); 198 273 /select; 199 274 /if; 200 275 /if; 201 202 203 /*......................................................... 204 Set the HTML response. 205 */ 206 $__html_reply__ = '\ 207 <script type="text/javascript"> 208 (function() 209 { 210 var d = document.domain ; 211 212 while ( true ) 213 { 214 // Test if we can access a parent property. 215 try 216 { 217 var test = window.top.opener.document.domain ; 218 break ; 219 } 220 catch( e ) {} 221 222 // Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ... 223 d = d.replace( /.*?(?:\\.|$)/, "" ) ; 224 225 if ( d.length == 0 ) 226 break ; // It was not able to detect the domain. 
227 228 try 229 { 230 document.domain = d ; 231 } 232 catch (e) 233 { 234 break ; 235 } 236 } 237 })() ; 238 '; 239 if($uploadResult == '0' || $uploadResult == '201'); 240 $__html_reply__ = $__html_reply__ + '\ 241 window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\'); 242 </script> 243 '; 244 else; 245 $__html_reply__ = $__html_reply__ + '\ 246 window.parent.OnUploadCompleted(' + $uploadResult + '); 247 </script> 248 '; 249 /if; 276 fck_htmlreply( 277 -uploadResult=$uploadResult, 278 -NewFilePath=$NewFilePath 279 ); 250 280 /select; 251 281 /inline; 252 282 /if; 253 283 254 284 /*..................................................................... … … 269 299 Content-Type: text/xml; charset=utf-8 270 300 [//lasso 271 /header; 272 273 274 /*................................................................. 275 Set the content type encoding for Lasso. 276 */ 301 /header; 302 303 /* 304 Set the content type encoding for Lasso. 305 */ 277 306 content_type('text/xml; charset=utf-8'); 278 307 279 280 /*................................................................. 281 Wrap the response as XML and output. 282 */ 308 /* 309 Wrap the response as XML and output. 310 */ 283 311 $__html_reply__ = '\ 284 312 <?xml version="1.0" encoding="utf-8" ?> 285 <Connector command="' + $Command + '" resourceType="' + $Type + '"> 286 <CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" /> 287 ' + $commandData + ' 288 </Connector> 289 '; 313 <Connector command="' + $Command + '" resourceType="' + $Type + '">'; 314 315 if($errorNumber != '102'); 316 $__html_reply__ += '<CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" />'; 317 /if; 318 319 $__html_reply__ += $commandData + ' 320 </Connector>'; 290 321 /if; 291 322 ] -
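Review bot: In the new `fck_htmlreply` tag, `$NewFilePath` and its last path segment are concatenated into single-quoted JavaScript string literals with no escaping, so a stored name containing a quote or backslash (the value is presumably derived from the uploaded file name) would end the literal early in the response page. The reply tag in upload.lasso already escapes double quotes with `string_replace(#fileUrl, -find='"', -replace='\\"')`; the connector needs the equivalent for backslash and `'`, applied in that order, before the value is placed in the script. Separately, the XML branch still interpolates `$Command`, `$Type` and `$CurrentFolder` into attribute values unencoded, and the new `$errorNumber != '102'` guard only drops the CurrentFolder element for the 102 case. The surrounding `select`/`inline` blocks start outside the visible hunks.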
FCKeditor/trunk/editor/filemanager/connectors/lasso/upload.lasso
r1565 r1797 57 57 ); 58 58 59 60 59 /*..................................................................... 61 60 Custom tag sets the HTML response. … … 78 77 $__html_reply__ = '\ 79 78 <script type="text/javascript"> 79 (function() 80 { 81 var d = document.domain ; 82 83 while ( true ) 84 { 85 // Test if we can access a parent property. 86 try 87 { 88 var test = window.top.opener.document.domain ; 89 break ; 90 } 91 catch( e ) {} 92 93 // Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ... 94 d = d.replace( /.*?(?:\\.|$)/, "" ) ; 95 96 if ( d.length == 0 ) 97 break ; // It was not able to detect the domain. 98 99 try 100 { 101 document.domain = d ; 102 } 103 catch (e) 104 { 105 break ; 106 } 107 } 108 })() ; 80 109 window.parent.OnUploadCompleted(' + #errorNumber + ',"' 81 110 + string_replace(#fileUrl, -find='"', -replace='\\"') + '","' … … 86 115 /define_tag; 87 116 117 if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\')); 118 $errorNumber = 102; 119 /if; 88 120 89 121 if($config->find('Enabled')); … … 95 127 Was a file actually uploaded? 96 128 */ 97 file_uploads->size ? $NewFile = file_uploads->get(1) | $errorNumber = 202; 129 if($errorNumber != '102'); 130 file_uploads->size ? $NewFile = file_uploads->get(1) | $errorNumber = 202; 131 /if; 98 132 99 133 if($errorNumber == 0); -
FCKeditor/trunk/editor/filemanager/connectors/perl/connector.cgi
r1565 r1797 102 102 103 103 # Check for invalid folder paths (..) 104 if ( $sCurrentFolder =~ / \.\./ ) {104 if ( $sCurrentFolder =~ /(?:\.\.|\\)/ ) { 105 105 SendError( 102, "" ) ; 106 106 } -
FCKeditor/trunk/editor/filemanager/connectors/perl/upload.cgi
r1565 r1797 105 105 106 106 # Check for invalid folder paths (..) 107 if ( $sCurrentFolder =~ / \.\./ ) {107 if ( $sCurrentFolder =~ /(?:\.\.|\\)/ ) { 108 108 SendError( 102, "" ) ; 109 109 } -
FCKeditor/trunk/editor/filemanager/connectors/php/io.php
r1791 r1797 241 241 242 242 // Check for invalid folder paths (..) 243 if ( strpos( $sCurrentFolder, '..' ) )243 if ( strpos( $sCurrentFolder, '..' ) || strpos( $sCurrentFolder, "\\" )) 244 244 SendError( 102, '' ) ; 245 245 -
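Review bot: Both `strpos()` results are used as booleans, so a match at offset 0 returns 0 and is treated as "not found"; a value that begins with `..` or `\` would pass this check unless code outside the hunk guarantees a leading slash. Compare against false explicitly: `if ( strpos( $sCurrentFolder, '..' ) !== false || strpos( $sCurrentFolder, "\\" ) !== false )`. The enclosing function starts and ends outside the hunk, so whether SendError() stops execution here cannot be confirmed from these lines.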
FCKeditor/trunk/editor/filemanager/connectors/py/fckutil.py
r1651 r1797 90 90 91 91 # Check for invalid folder paths (..) 92 if '..' in currentFolder :92 if '..' in currentFolder or '\\' in currentFolder: 93 93 return None 94 94