authorMichael Hamann <michael@content-space.de>2012-07-08 22:15:53 +0200
committerMichael Hamann <michael@content-space.de>2012-07-08 22:15:53 +0200
commitd4b0843fe48991272f1c1c64898e8a44dc949ad0 (patch)
tree37cec1eacfaea02997dac2f316d7f9202f439072 /inc/farm.php
parentaf619c5afc1c9daa04d50f4e245ef5a8ef01d8d1 (diff)
Prevent information disclosure in farms by disallowing subdirectories
Diffstat (limited to 'inc/farm.php')
-rw-r--r--inc/farm.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/inc/farm.php b/inc/farm.php
index a998eaab6..af1035707 100644
--- a/inc/farm.php
+++ b/inc/farm.php
@@ -46,8 +46,8 @@ function farm_confpath($farm) {
if(isset($_REQUEST['animal']) || ('cli' == php_sapi_name() && isset($_SERVER['animal']))) {
$mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli';
$animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal'];
- // check that $animal is a string and specifies a subdirectory of $farm
- if (!is_string($animal) || strpos(fullpath($farm.'/'.$animal), fullpath($farm).'/') !== 0)
+ // check that $animal is a string and just a directory name and not a path
+ if (!is_string($animal) || strpbrk($animal, '\\/') !== false)
nice_die('Sorry! Invalid animal name!');
if(!is_dir($farm.'/'.$animal))
nice_die("Sorry! This Wiki doesn't exist!");
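Review bot: The new check on the `if (!is_string($animal) || strpbrk($animal, '\\/') !== false)` line only rejects path separators, so `..`, `.` and the empty string still pass it, and the following `is_dir($farm.'/'.$animal)` is true for all three because they resolve to the farm's parent directory or the farm directory itself. The replaced `fullpath()` comparison would have rejected those values, since the resolved path does not start with `fullpath($farm).'/'`; whether reaching the parent of `$farm` is exploitable depends on how the path is used after the hunk, which lies outside this view, but the guard should not rely on that. I would tighten the condition to `if (!is_string($animal) || $animal === '' || $animal === '.' || $animal === '..' || strpbrk($animal, '\\/') !== false)`, or better, an allowlist such as `!preg_match('/^[a-zA-Z0-9_-][a-zA-Z0-9._-]*$/', $animal)`, which also excludes dot-prefixed names. farm_confpath() begins before this hunk and continues past it.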