avoid possible filename injection in admin page

git-svn-id: svn://svn.lighttpd.net/xcache/trunk@783 c26eb9a1-5813-0410-bd6c-c2e55f420ca7
2011-04-22 14:56:40 +00:00 · 2011-04-22 14:56:40 +00:00 · d4a2f773a0
parent 25cfffd7f7
commit d4a2f773a0
3 changed files with 13 additions and 3 deletions
--- a/1
+++ b/1
@ -12,6 +12,7 @@ ChangeLog

 1.3.2 2011-??-??
 ========
+ * avoid possible filename injection in admin page
 * adds 30 seconds timeout to "compiling" flag
 * decompiler: improves decompiling
 * disassembler: DECLARE_INHERITED_CLASS/DELAYED class not found
--- a/1
+++ b/1
@ -3,6 +3,7 @@

 1.3.2 2011-??-??
 ========
+ * admin page security fix
 * adds 30 seconds timeout to "compiling" flag
 * improves decompiling
 * memory leak on recompile
--- a/admin/common.php
+++ b/admin/common.php
@ -1,5 +1,10 @@
 <?php

+function xcache_validateFileName($name)
+{
+	return preg_match('!^[a-zA-Z0-9._-]+$!', $name);
+}
+
 function get_language_file_ex($name, $l, $s)
 {
 	static $lmap = array(
@ -15,16 +20,19 @@ function get_language_file_ex($name, $l, $s)
 	if (isset($lmap[$l])) {
 		$l = $lmap[$l];
 	}
-	if (file_exists($file = "$name-$l-$s.lang.php")) {
+	$file = "$name-$l-$s.lang.php";
+	if (xcache_validateFileName($file) && file_exists($file)) {
 		return $file;
 	}
 	if (isset($smap[$s])) {
 		$s = $smap[$s];
-		if (file_exists($file = "$name-$l-$s.lang.php")) {
+		$file = "$name-$l-$s.lang.php";
+		if (xcache_validateFileName($file) && file_exists($file)) {
 			return $file;
 		}
 	}
-	if (file_exists($file = "$name-$l.lang.php")) {
+	$file = "$name-$l.lang.php";
+	if (xcache_validateFileName($file) && file_exists($file)) {
 		return $file;
 	}
 	return null;