Bug#818708: didiwiki regression: fix for CVE-2013-7448 renders many existing pages inaccessible

Ignace Mouzannar Sun, 03 Apr 2016 15:21:34 -0700

Thanks Sergio for your review and input. Here is the patch I will be uploading.


----
+    if (page_name[0] == '/')
+        return FALSE;
+
+    if (strncmp(page_name, "../", 3) == 0)
+        return FALSE;
+
+    if (strstr(page_name, "/../"))
+        return FALSE;
----

Cheers,
 Ignace M

Bug#818708: didiwiki regression: fix for CVE-2013-7448 renders many existing pages inaccessible

Reply via email to