authorLukas Reschke <lukas@statuscode.ch>2014-02-19 15:38:00 +0100
committerLukas Reschke <lukas@statuscode.ch>2014-02-19 15:38:00 +0100
commit2d5b3899a68adb496d6e20e93352395ba7b5dd2e (patch)
tree0ce35223cdbd079b8197fb9d50fd1f6fe81261af /lib/private/l10n.php
parent952584e9c782d196eb2bcd6df1e3ecdf21adcb55 (diff)
Hardening: Remove dangerous characters + Subdirectory Check
If a user is able to create folders in /core/l10n/, they are able to execute arbitrary code. Therefore I've added an `issubdirectory` check and removed all potentially dangerous characters from `$lang`.
Diffstat (limited to 'lib/private/l10n.php')
-rw-r--r--lib/private/l10n.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/l10n.php b/lib/private/l10n.php
index 1ade18ea427..ad979a92870 100644
--- a/lib/private/l10n.php
+++ b/lib/private/l10n.php
@@ -118,7 +118,7 @@ class OC_L10N implements \OCP\IL10N {
return;
}
$app = OC_App::cleanAppId($this->app);
- $lang = $this->lang;
+ $lang = str_replace(array('\0', '/', '\\', '..'), '', $this->lang);
$this->app = true;
// Find the right language
if(is_null($lang) || $lang == '') {
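Review bot: The first search string on the added line, `'\0'`, is single-quoted, so it is the two characters backslash and zero rather than a NUL byte; a NUL in `$this->lang` survives this filter and still reaches the `file_exists`/`include` paths built from `$lang` in the second hunk. Use the double-quoted form, `$lang = str_replace(array("\0", '/', '\\', '..'), '', $this->lang);`, or, more robustly, accept only a known-safe character set with a positive match (letters, digits, `_`, `-`) and treat anything else as an empty language so the existing fallback below takes over. Note also that `str_replace()` returns a string for a `null` subject, so after this change the `is_null($lang)` test on the next line no longer fires and only the `== ''` half of the condition does the work. The enclosing method starts outside the hunk.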
@@ -163,7 +163,7 @@ class OC_L10N implements \OCP\IL10N {
}
}
- if(file_exists(OC::$SERVERROOT.'/core/l10n/l10n-'.$lang.'.php')) {
+ if(file_exists(OC::$SERVERROOT.'/core/l10n/l10n-'.$lang.'.php') && OC_Helper::issubdirectory(OC::$SERVERROOT.'/core/l10n/l10n-'.$lang.'.php', OC::$SERVERROOT.'/core/l10n/')) {
// Include the file, save the data from $CONFIG
include OC::$SERVERROOT.'/core/l10n/l10n-'.$lang.'.php';
if(isset($LOCALIZATIONS) && is_array($LOCALIZATIONS)) {