[evolvis-commits] r10863: Applied [#1192] Fix for security hole in new SVN/ViewCVS wrapper scripts by Vittal Aithal
mirabilos at evolvis.org
mirabilos at evolvis.org
Thu Feb 24 17:57:01 CET 2011
Author: mirabilos
Date: 2011-02-24 17:57:01 +0100 (Thu, 24 Feb 2011)
New Revision: 10863
Modified:
trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php
Log:
Applied [#1192] Fix for security hole in new SVN/ViewCVS wrapper scripts by Vittal Aithal
Modified: trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php 2011-02-24 16:57:00 UTC (rev 10862)
+++ trunk/gforge_base/evolvisforge-5.1/gforge-plugin-scmsvn/www/viewcvs_utils.php 2011-02-24 16:57:01 UTC (rev 10863)
@@ -30,6 +30,19 @@
}
/**
+ * make_arg_cmd_safe() - Make strings safe for the command line.
+ *
+ * @param string The argument that needs to be cleaned.
+ * @return string The argument with dangerous shell characters escaped.
+ */
+function make_arg_cmd_safe($arg) {
+ if (get_magic_quotes_gpc()) {
+ $arg = stripslashes($arg);
+ }
+ return escapeshellcmd($arg);
+}
+
+/**
* viewcvs_execute() - Call to viewcvs.cgi and returned the output.
*
* @return String the output of the ViewCVS command.
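Review bot: The docblock on the new make_arg_cmd_safe() promises a value "with dangerous shell characters escaped", but escapeshellcmd() is meant for a whole command string and deliberately leaves paired quotes untouched, so a value containing two `"` characters still terminates the `VAR="..."` wrapper the callers build around it. The PHP manual's own note is that a single argument should go through escapeshellarg(), which single-quotes the entire value and escapes embedded `'`. I would make the helper return a ready-to-use argument, `return escapeshellarg($arg);`, and state in the docblock that the result is already quoted and callers must not add quotes of their own. Whether the stripslashes() step is needed depends on whether magic_quotes_gpc touches the values getStringFromServer() returns; that is not visible here and is worth a comment either way.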
@@ -49,17 +62,20 @@
$path .= '/';
}
}
- $command = 'HTTP_COOKIE="'.getStringFromServer('HTTP_COOKIE').'" '.
- 'REMOTE_ADDR="'.getStringFromServer('REMOTE_ADDR').'" '.
+ $query_string = str_replace('\\&', '&', make_arg_cmd_safe($query_string));
+ $query_string = str_replace('\\*', '*', $query_string);
+ $path = str_replace('\\*', '*', make_arg_cmd_safe($path));
+ $command = 'HTTP_COOKIE="'.make_arg_cmd_safe(getStringFromServer('HTTP_COOKIE')).'" '.
+ 'REMOTE_ADDR="'.make_arg_cmd_safe(getStringFromServer('REMOTE_ADDR')).'" '.
'QUERY_STRING="'.$query_string.'" '.
- 'SERVER_SOFTWARE="'.getStringFromServer('SERVER_SOFTWARE').'" '.
- 'SCRIPT_NAME="'.getStringFromServer('SCRIPT_NAME').'" '.
- 'HTTP_USER_AGENT="'.getStringFromServer('HTTP_USER_AGENT').'" '.
- 'HTTP_ACCEPT_ENCODING="'.getStringFromServer('HTTP_ACCEPT_ENCODING').'" '.
- 'HTTP_ACCEPT_LANGUAGE="'.getStringFromServer('HTTP_ACCEPT_LANGUAGE').'" '.
+ 'SERVER_SOFTWARE="'.make_arg_cmd_safe(getStringFromServer('SERVER_SOFTWARE')).'" '.
+ 'SCRIPT_NAME="'.make_arg_cmd_safe(getStringFromServer('SCRIPT_NAME')).'" '.
+ 'HTTP_USER_AGENT="'.make_arg_cmd_safe(getStringFromServer('HTTP_USER_AGENT')).'" '.
+ 'HTTP_ACCEPT_ENCODING="'.make_arg_cmd_safe(getStringFromServer('HTTP_ACCEPT_ENCODING')).'" '.
+ 'HTTP_ACCEPT_LANGUAGE="'.make_arg_cmd_safe(getStringFromServer('HTTP_ACCEPT_LANGUAGE')).'" '.
'PATH_INFO="'.$path.'" '.
- 'PATH="'.getStringFromServer('PATH').'" '.
- 'HTTP_HOST="'.getStringFromServer('HTTP_HOST').'" '.
+ 'PATH="'.make_arg_cmd_safe(getStringFromServer('PATH')).'" '.
+ 'HTTP_HOST="'.make_arg_cmd_safe(getStringFromServer('HTTP_HOST')).'" '.
$GLOBALS['sys_path_to_scmweb'].'/viewcvs.cgi 2>&1';
ob_start();
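Review bot: The `str_replace('\\&', '&', ...)` on the new $query_string line reopens the injection this commit is meant to close: escapeshellcmd() leaves paired double quotes alone, so a query string such as `a="&id&b="` becomes `QUERY_STRING="a="&id&b=""` and the shell runs `id` in the background before viewcvs.cgi. The same paired-quote behaviour lets any other value (Cookie, User-Agent, Host) close its own `VAR="..."` assignment and prepend an extra assignment such as `PYTHONPATH="..."`, because `=`, `/` and space are not escaped; the unescaped `*` on the PATH_INFO line is exploitable the same way once the quotes are broken. The robust fix is escapeshellarg() per value with the hand-written quotes and the un-escaping removed, since inside single quotes `&` and `*` are already literal. This assumes $query_string and $path are request-derived like the header values; viewcvs_execute() continues past the hunk, so the code that consumes $command is not visible here.
```php
// … unchanged: trailing '/' handling of $path …
// Each value is single-quoted by escapeshellarg(), so '&', '*' and '"'
// are literal to the shell and need no un-escaping afterwards.
$env = array(
    'HTTP_COOKIE'          => getStringFromServer('HTTP_COOKIE'),
    'REMOTE_ADDR'          => getStringFromServer('REMOTE_ADDR'),
    'QUERY_STRING'         => $query_string,
    'SERVER_SOFTWARE'      => getStringFromServer('SERVER_SOFTWARE'),
    'SCRIPT_NAME'          => getStringFromServer('SCRIPT_NAME'),
    'HTTP_USER_AGENT'      => getStringFromServer('HTTP_USER_AGENT'),
    'HTTP_ACCEPT_ENCODING' => getStringFromServer('HTTP_ACCEPT_ENCODING'),
    'HTTP_ACCEPT_LANGUAGE' => getStringFromServer('HTTP_ACCEPT_LANGUAGE'),
    'PATH_INFO'            => $path,
    'PATH'                 => getStringFromServer('PATH'),
    'HTTP_HOST'            => getStringFromServer('HTTP_HOST'),
);
$command = '';
foreach ($env as $name => $value) {
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    $command .= $name . '=' . escapeshellarg($value) . ' ';
}
$command .= escapeshellarg($GLOBALS['sys_path_to_scmweb'] . '/viewcvs.cgi') . ' 2>&1';
// … unchanged: ob_start() and the rest of viewcvs_execute() …
```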