Module: nagvis Branch: nagvis-1.4 Commit: 77f277a0f47d2f4b3828cc4711d2ac2b83759980 URL: http://nagvis.git.sourceforge.net/git/gitweb.cgi?p=nagvis/nagvis/nagvis;a=commit;h=77f277a0f47d2f4b3828cc4711d2ac2b83759980
Author: Lars Michelsen <[email protected]> Date: Thu Sep 3 08:49:25 2009 +0200 #94 Fix for medium/high risk local file include vulnerability in nagvis rotation
--- nagvis/nagvis/includes/classes/NagVisUrl.php | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/nagvis/nagvis/includes/classes/NagVisUrl.php b/nagvis/nagvis/includes/classes/NagVisUrl.php
index 8bdbaea..f83dd2f 100644
--- a/nagvis/nagvis/includes/classes/NagVisUrl.php
+++ b/nagvis/nagvis/includes/classes/NagVisUrl.php
@@ -54,7 +54,15 @@ class NagVisUrl {
 private function fetchContents() {
 // Suppress error messages from file_get_contents
 $oldLevel = error_reporting(0);
-
+
+ // Only allow urls not paths for security reasons
+ // Reported here: http://news.gmane.org/find-root.php?message_id=%3cf60c42280909021938s7f36c0edhd66d3e9156a5d081%40mail.gmail.com%3e
+ $aUrl = parse_url($this->strUrl);
+ if(!isset($aUrl['scheme']) || $aUrl['scheme'] == '') {
+ echo new GlobalFrontendMessageBox('ERROR', $this->CORE->LANG->getText('problemReadingUrl', 'URL~'.$this->strUrl.',MSG~Not allowed url'), $this->CORE->MAINCFG->getValue('paths','htmlbase'), 'error');
+ exit(1);
+ }
+
 if(false == ($this->strContents = file_get_contents($this->strUrl))) {
 $aError = error_get_last();
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Nagvis-checkins mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagvis-checkins
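Review bot: The added guard in fetchContents() only requires that parse_url() returns a non-empty scheme, so it is a denylist of bare paths rather than an allowlist of remote URLs, and any value still reaches file_get_contents() on the next context line as long as it carries some scheme (file://, php://, data:// and similar stream wrappers all satisfy the check), which leaves the local-file-include issue the commit title names only partly closed. Restricting the scheme to the two the feature actually needs also removes the loose `== ''` comparison: `if(!isset($aUrl['scheme']) || !in_array(strtolower($aUrl['scheme']), array('http', 'https'), true)) {`. Note that parse_url() may itself return false for malformed input, in which case `$aUrl['scheme']` is read from a non-array; checking `$aUrl === false` first would make the rejection explicit rather than relying on the isset() fallthrough. The rejected URL is echoed back inside the message box as `'URL~'.$this->strUrl`; whether GlobalFrontendMessageBox escapes it for HTML is not visible here and should be confirmed. The function body continues past the hunk, and the hunk's old-side count (7) is one more than the context lines shown, so the page appears to be truncated before the hunk's final line.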
