[evolvis-commits] r10863: Applied [#1192] Fix for security hole in new SVN/ViewCVS wrapper scripts by Vittal Aithal

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Feb 24 17:57:01 CET 2011


Author: mirabilos
Date: 2011-02-24 17:57:01 +0100 (Thu, 24 Feb 2011)
New Revision: 10863

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php
Log:
Applied [#1192] Fix for security hole in new SVN/ViewCVS wrapper scripts by Vittal Aithal


Modified: trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php	2011-02-24 16:57:00 UTC (rev 10862)
+++ trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php	2011-02-24 16:57:01 UTC (rev 10863)
@@ -30,6 +30,19 @@
 }
 
 /**
+ * make_arg_cmd_safe() - Make strings safe for the command line.
+ *
+ * @param  string  The argument that needs to be cleaned.
+ * @return string  The argument with dangerous shell characters escaped.
+ */
+function make_arg_cmd_safe($arg) {
+    if (get_magic_quotes_gpc()) {
+        $arg = stripslashes($arg);
+    }
+    return escapeshellcmd($arg);
+}
+
+/**
  *      viewcvs_execute() - Call to viewcvs.cgi and returned the output.
  *
  *      @return String the output of the ViewCVS command.
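Review bot: `make_arg_cmd_safe()` wraps `escapeshellcmd()`, yet every call site in the second hunk places its result inside a hand-written double-quoted shell word (`HTTP_COOKIE="..."`), which is the combination the PHP manual warns against: `escapeshellcmd()` is meant for a whole command string, leaves paired quote characters unescaped and does not escape spaces, so a value containing balanced quotes can still terminate the surrounding word and the wrapper does not give the per-argument guarantee its docblock promises. The per-argument primitive is `escapeshellarg()`, used without the manual quotes: `return escapeshellarg($arg);` in this function and `'HTTP_COOKIE='.make_arg_cmd_safe(getStringFromServer('HTTP_COOKIE')).' '` at the call sites. The `get_magic_quotes_gpc()`/`stripslashes()` step is applied to every value that passes through, including `SERVER_SOFTWARE` and `PATH`, which as far as I recall magic quotes never touched, so a legitimate backslash in those would be dropped; the undo belongs only where a GPC value is read. The docblock should also state the contract the callers depend on, e.g. `@return string  The argument quoted as a single shell word; do not wrap the result in quotes.`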
@@ -49,17 +62,20 @@
  			$path .= '/';
  		}
  	}
-	$command = 'HTTP_COOKIE="'.getStringFromServer('HTTP_COOKIE').'" '.
-		'REMOTE_ADDR="'.getStringFromServer('REMOTE_ADDR').'" '.
+ 	$query_string = str_replace('\\&', '&', make_arg_cmd_safe($query_string));
+ 	$query_string = str_replace('\\*', '*', $query_string);
+ 	$path = str_replace('\\*', '*', make_arg_cmd_safe($path));
+	$command = 'HTTP_COOKIE="'.make_arg_cmd_safe(getStringFromServer('HTTP_COOKIE')).'" '.
+		'REMOTE_ADDR="'.make_arg_cmd_safe(getStringFromServer('REMOTE_ADDR')).'" '.
 		'QUERY_STRING="'.$query_string.'" '.
-		'SERVER_SOFTWARE="'.getStringFromServer('SERVER_SOFTWARE').'" '.
-		'SCRIPT_NAME="'.getStringFromServer('SCRIPT_NAME').'" '.
-		'HTTP_USER_AGENT="'.getStringFromServer('HTTP_USER_AGENT').'" '.
-		'HTTP_ACCEPT_ENCODING="'.getStringFromServer('HTTP_ACCEPT_ENCODING').'" '.
-		'HTTP_ACCEPT_LANGUAGE="'.getStringFromServer('HTTP_ACCEPT_LANGUAGE').'" '.
+		'SERVER_SOFTWARE="'.make_arg_cmd_safe(getStringFromServer('SERVER_SOFTWARE')).'" '.
+		'SCRIPT_NAME="'.make_arg_cmd_safe(getStringFromServer('SCRIPT_NAME')).'" '.
+		'HTTP_USER_AGENT="'.make_arg_cmd_safe(getStringFromServer('HTTP_USER_AGENT')).'" '.
+		'HTTP_ACCEPT_ENCODING="'.make_arg_cmd_safe(getStringFromServer('HTTP_ACCEPT_ENCODING')).'" '.
+		'HTTP_ACCEPT_LANGUAGE="'.make_arg_cmd_safe(getStringFromServer('HTTP_ACCEPT_LANGUAGE')).'" '.
 		'PATH_INFO="'.$path.'" '.
-		'PATH="'.getStringFromServer('PATH').'" '.
-		'HTTP_HOST="'.getStringFromServer('HTTP_HOST').'" '.
+		'PATH="'.make_arg_cmd_safe(getStringFromServer('PATH')).'" '.
+		'HTTP_HOST="'.make_arg_cmd_safe(getStringFromServer('HTTP_HOST')).'" '.
 		$GLOBALS['sys_path_to_scmweb'].'/viewcvs.cgi 2>&1';
 
 	ob_start();
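Review bot: The `str_replace('\\&', '&', ...)` and `str_replace('\\*', '*', ...)` lines on `$query_string` and `$path` undo the escaping for only two characters, but `escapeshellcmd()` also backslashes `?`, `;`, `~`, `[`, `]`, `(`, `)`, `<`, `>`, `{`, `}` and `^`, and inside a double-quoted shell word the shell keeps a backslash in front of those, so a query string or path containing any of them reaches viewcvs.cgi with stray backslashes; `&` and `*` look like the two cases that happened to be noticed. Patching characters one at a time is not needed if each value is quoted as its own shell word, `'QUERY_STRING='.escapeshellarg($query_string).' '`, with the surrounding `"` removed from every assignment in this hunk; passing the environment through a `proc_open()` env array would avoid shell quoting for these values altogether, though the call that runs `$command` lies outside the hunk so I cannot tell how the process is started. viewcvs_execute() begins before this hunk and continues after it. The three added lines at the top of the hunk are indented with a space followed by a tab while the neighbouring lines use tabs only.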


