
Révision 01dfd3b5

Ajouté par Assos Assos il y a plus de 3 ans

Update to 7.77


drupal7/modules/system/system.tar.inc
1788 1788

  
1789 1789
        // ----- Extract the properties
1790 1790
        $v_header['filename'] = rtrim($v_data['filename'], "\0");
1791
        if ($this->_maliciousFilename($v_header['filename'])) {
1791
        if ($this->_isMaliciousFilename($v_header['filename'])) {
1792 1792
            $this->_error(
1793 1793
                'Malicious .tar detected, file "' . $v_header['filename'] .
1794 1794
                '" will not install in desired directory tree'
......
1858 1858
     *
1859 1859
     * @return bool
1860 1860
     */
1861
    private function _maliciousFilename($file)
1861
    private function _isMaliciousFilename($file)
1862 1862
    {
1863
        if (strpos($file, 'phar://') === 0) {
1863
        if (strpos($file, '://') !== false) {
1864 1864
            return true;
1865 1865
        }
1866 1866
        if (strpos($file, '../') !== false || strpos($file, '..\\') !== false) {
......
1896 1896

  
1897 1897
        $v_filename = rtrim(substr($v_filename, 0, $v_filesize), "\0");
1898 1898
        $v_header['filename'] = $v_filename;
1899
        if ($this->_maliciousFilename($v_filename)) {
1899
        if ($this->_isMaliciousFilename($v_filename)) {
1900 1900
            $this->_error(
1901 1901
                'Malicious .tar detected, file "' . $v_filename .
1902 1902
                '" will not install in desired directory tree'
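Review bot: Only the entry name is passed to `_isMaliciousFilename()` at the two call sites shown (gutter lines 1791 and 1899), so these hunks give no evidence that the link target of symlink or hard-link entries gets the same `://` and `../` screening; that should be confirmed in the extraction code, because a link target can point outside the destination tree just as a file name can. Reading the `_isMaliciousFilename` lines as the new side (the page lost its +/- markers), the widened test `strpos($file, '://') !== false` now rejects a scheme separator anywhere in the name rather than only a leading `phar://`, and the docblock should say so, for example `Returns true if the name contains a stream-wrapper scheme ("://") or a parent-directory segment.`. The function body and both callers continue outside the visible hunks, so a check for absolute paths may exist there but is not visible here.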
