Skip to content

GitLab

Commit 63e8d1e3 authored by webchick's avatar webchick
Browse files

#324875: SA-2008-067 (#324824): Fix file inclusion vulnerability.

parent 5101fd24
Hide whitespace changes
Inline Side-by-side
includes/bootstrap.inc
View file @ 63e8d1e3
...@@ -347,6 +347,11 @@ function conf_path($require_settings = TRUE, $reset = FALSE) { ...@@ -347,6 +347,11 @@ function conf_path($require_settings = TRUE, $reset = FALSE) {
} }
$uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']); $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE || strpos($_SERVER['HTTP_HOST'], '\\') !== FALSE) {
// A HTTP_HOST containing slashes may be an attack and is invalid.
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
exit;
}
$server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.'))))); $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
for ($i = count($uri) - 1; $i > 0; $i--) { for ($i = count($uri) - 1; $i > 0; $i--) {
for ($j = count($server); $j > 0; $j--) { for ($j = count($server); $j > 0; $j--) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment