----- Forwarded message from Alessandro <forumlist(at)email.it> -----
From: Alessandro <forumlist(at)email.it>
To: ml(at)sikurezza.org
Subject: Re: [ml] PHP 5 security problem

Hi, and thanks for the reply. The problem is that I need to be able to 
solve the problem without modifying the client's code.

stampa.php

<?php
       include_once("testata.php");

       // Directory to list: the "dir" query parameter as supplied, defaulting to "stampa/".
       $superbasedir = "stampa/";
       if (($basedir = @$_GET["dir"]) == "") $basedir = $superbasedir;
       if ($basedir == "downloads/") $sez_nome = $sez_download_s; else $sez_nome = $sez_stampa_s;
       echo "<div id=\"maintesto\"><h1>$sez_nome</h1>";

       // Outside the default directory, show a link back up ("../").
       if ($superbasedir != $basedir) echo sprintf("<a href='%s?dir=%s/'>%s</a><br>", $_SERVER["PHP_SELF"], "../", "Torna alla cartella superiore");

       // First pass: entries returned by find_dir(), each rendered as a link back to this script.
       $nodir = true;
       $arr_file = find_dir($basedir);
       $file_html = "";
       if (count($arr_file) > 0) {
               foreach ($arr_file as $file) {
                       $fdesc = strlen($file) > 10 ? substr($file, 0, 10) . "..." : $file;
                       $ffile = $basedir . $file;
                       $fext = strtolower(substr($file, strrpos($file, ".")+1, strlen($file)-strrpos($file, ".")));
                       $fdate = date("d/m/Y", filemtime($ffile));
                       $flink = sprintf("<a href='%s?dir=%s/' title='%s'>%s</a>", $_SERVER["PHP_SELF"], $ffile, htmlentities($file), htmlentities($file));
                       $fimg = "img/file/dir.png";

                       $file_html .= "<div class='file1'><div class='file2'><div class='file3'>";
                       $file_html .= "<span><img src='$fimg' alt='$file'><p>$flink<br>$fdate<br>&nbsp;</p></span>";
                       $file_html .= "</div></div></div>\n";
               }
               echo $file_html;
               $nodir = false;
       }


       // Second pass: entries returned by find_files(), each rendered as a direct link to the file.
       $arr_file = find_files($basedir, array(".*"));

       $file_html = "";
       if (count($arr_file) > 0) {
               foreach ($arr_file as $file) {
                       $fdesc = strlen($file) > 10 ? substr($file, 0, 10) . "..." : $file;
                       $ffile = $basedir . $file;
                       $fext = strtolower(substr($file, strrpos($file, ".")+1, strlen($file)-strrpos($file, ".")));
                       $fsize = size_readable(filesize($ffile));
                       $fdate = date("d/m/Y", filemtime($ffile));
                       $flink = sprintf("<a href='%s' title='%s'>%s</a>", $ffile, htmlentities($file), htmlentities($file));
/*
                       if ($fext == 'jpg' or $fext == 'png') {
                               $fimg = "scalaimg.php?img=" . urlencode($filex) . "&amp;alt=64";
                       } else {
*/
                               $fimg = "img/file/$fext.png";
                               if (!file_exists($fimg)) $fimg = "img/file/x_generico.png";
//                      }

                       $file_html .= "<div class='file1'><div class='file2'><div class='file3'>";
                       $file_html .= "<span><img src='$fimg' alt='$file'><p>$flink<br>$fdate<br>$fsize</p></span>";
                       $file_html .= "</div></div></div>\n";
               }
       } else {
               if ($nodir) $file_html = $nofile_s;
       }
       echo $file_html;

       echo "</div>";
       include_once("piede.php");

?>

Bye

[..]
----- End forwarded message -----
________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
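
Added example (not part of the forwarded message and not the client's code): stampa.php above passes the "dir" query parameter straight to find_dir() and find_files(), so one way to constrain it without touching that file is a guard script that PHP runs first and that only lets through directories resolving inside the two folders the script itself names. Assumptions: the guard is loaded with the auto_prepend_file directive (the path shown is a placeholder), the file name guard_dir.php and the function guard_dir() are hypothetical, "stampa" and "downloads" are the only folders meant to be browsable, and relative paths in stampa.php resolve from the script's own directory.

```php
<?php
// guard_dir.php: added example, not part of the original post.
// Assumption: loaded ahead of stampa.php with the PHP directive
//   auto_prepend_file = /path/to/guard_dir.php      (placeholder path)
// and written without PHP 7 syntax so it also runs on PHP 5.

// Return the normalized "relative/dir/" form of $dir when it resolves to a
// directory inside one of $roots under $docroot; return null otherwise.
function guard_dir($dir, $docroot, array $roots)
{
    if (!is_string($dir) || $dir === '' || strpos($dir, "\0") !== false) {
        return null;                      // arrays (dir[]=...), empty, NUL byte
    }
    $base = realpath($docroot);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../", "//" and symlinks before the comparison.
    $real = realpath($base . DIRECTORY_SEPARATOR . $dir);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    foreach ($roots as $root) {
        $rootReal = realpath($base . DIRECTORY_SEPARATOR . $root);
        if ($rootReal === false) {
            continue;
        }
        // Accept the root itself or anything below it; the separator in the
        // prefix keeps "stampa_old" from matching "stampa".
        if ($real === $rootReal || strpos($real, $rootReal . DIRECTORY_SEPARATOR) === 0) {
            $rel = substr($real, strlen($base) + 1);
            return str_replace(DIRECTORY_SEPARATOR, '/', $rel) . '/';
        }
    }
    return null;
}

if (isset($_GET['dir'])) {
    // Assumption: relative paths in stampa.php resolve from the script's own directory.
    $docroot = dirname($_SERVER['SCRIPT_FILENAME']);
    $safe = guard_dir($_GET['dir'], $docroot, array('stampa', 'downloads'));
    if ($safe === null) {
        header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
        exit('Invalid directory');
    }
    $_GET['dir'] = $safe;   // stampa.php now only ever sees a vetted path
}
```

The script's own "Torna alla cartella superiore" link always requests dir=..//, so with the guard in place that link gets the 400 response. Because the vetted value is rewritten to the "stampa/" or "downloads/" form, the script's string comparisons on $basedir keep working.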
