authorMichael Hamann <michael@content-space.de>2010-03-16 15:33:58 +0100
committerMichael Hamann <michael@content-space.de>2010-03-16 15:42:06 +0100
commitc77fa67b50d49455e3b518eeb2bcbd0531d07165 (patch)
treecad90037b480c41d6a814476c998a8c7dad50f5d /lib/exe/xmlrpc.php
parent5ce4ea1542521e553f96e379988478345646bcb6 (diff)
Use md5sum of id and client ip as temporary filename in XML-RPC
Before this patch the temporary filename was the uncleaned id. This allowed anyone with upload privileges (on the whole wiki) and XML-RPC privileges on an XML-RPC-enabled DokuWiki to (over)write any file PHP is allowed to write, with any content they want. If you have XML-RPC enabled and users with XML-RPC and upload privileges whom you would not trust to write any file PHP may write, consider this an important security fix. By default XML-RPC is disabled, so if you don't know what I'm talking about you are probably not affected by the problem.
Diffstat (limited to 'lib/exe/xmlrpc.php')
-rw-r--r--lib/exe/xmlrpc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php
index 670ab5d7e..b6b9f0e52 100644
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -578,7 +578,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
return new IXR_ERROR(1, 'Filename not given.');
}
- $ftmp = $conf['tmpdir'] . '/' . $id;
+ $ftmp = $conf['tmpdir'] . '/' . md5($id.clientIP());
// save temporary file
@unlink($ftmp);