author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2008-10-25 01:13:40 +0000 |
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2008-10-25 01:13:40 +0000 |
commit | 63e8d1e3d322fc15024b50fdabc060333420ed9d (patch) | |
tree | 24b1c7363a5cc52b9276422bad53c5208bf2e687 | |
parent | 5101fd24a5f4334d24d6457adc9191d5019cee59 (diff) | |
#324875: SA-2008-067 (#324824): Fix file inclusion vulnerability.
-rw-r--r-- | includes/bootstrap.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index fc1e2d83a..171e9d77e 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -347,6 +347,11 @@ function conf_path($require_settings = TRUE, $reset = FALSE) {
 }
 $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+ if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE || strpos($_SERVER['HTTP_HOST'], '\\') !== FALSE) {
+ // A HTTP_HOST containing slashes may be an attack and is invalid.
+ header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
+ exit;
+ }
 $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
 for ($i = count($uri) - 1; $i > 0; $i--) {
 for ($j = count($server); $j > 0; $j--) { |
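Review bot: The added guard is a denylist of exactly two characters, while the same `$_SERVER['HTTP_HOST']` value still flows into directory-name components on the following `$server = explode('.', ...)` line, so any other input that is not a plausible hostname passes through untouched; an allowlist of hostname characters is the more robust form, e.g. `if (!preg_match('/^[a-zA-Z0-9._:\[\]-]+$/', $_SERVER['HTTP_HOST'])) {`. Such a check would also reject an unset or empty `HTTP_HOST` (HTTP/1.0 clients, non-web invocations of the bootstrap), which the current code appears to tolerate, so an explicit `isset()` exception would be needed if those callers matter — that is inferred, not visible here. The new comment could state the actual risk rather than "may be an attack": `// HTTP_HOST is used below to build settings-directory names; path separators in it could make conf_path() resolve a directory outside the intended tree.` conf_path() starts and ends outside the hunk, so whether the 400 path is ever logged or reachable from a non-HTTP context cannot be confirmed from what is shown.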