mbirth/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

upport 1.7.6 security fixes

Browse Source
This commit is contained in:
Garvin Hicking
2014-02-06 09:36:31 +01:00
parent 7fe805cd48
commit 3d7765f066
8 changed files with 55 additions and 12 deletions
docs
NEWS
include
admin
entries.inc.phpplugins.inc.php
plugin_api.inc.php
plugins
serendipity_event_templatechooser
serendipity_event_templatechooser.php
serendipity_plugin_templatedropdown
serendipity_plugin_templatedropdown.php
templates/2k11/admin
entries.tplusers.inc.tpl

5
include/plugin_api.inc.php

@ -145,6 +145,7 @@ class serendipity_plugin_api
$id = md5(uniqid(''));
$key = $plugin_class_id . ':' . $id;
$key = serendipity_db_escape_string($key);
// Secure Plugin path. No leading slashes, no backslashes, no "up" directories
$pluginPath = preg_replace('@^(/)@', '', $pluginPath);
@ -164,7 +165,7 @@ class serendipity_plugin_api
$serendipity['debug']['pluginload'][] = "Installing plugin: " . print_r(func_get_args(), true);
$iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('$key', $nextidx, '$default_placement', '$authorid', '$pluginPath')";
$iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('" . htmlspecialchars($key) . "', $nextidx, '$default_placement', '$authorid', '" . htmlspecialchars($pluginPath) . "')";
$serendipity['debug']['pluginload'][] = $iq;
serendipity_db_query($iq);
serendipity_plugin_api::hook_event('backend_plugins_new_instance', $key, array('default_placement' => $default_placement));
@ -179,7 +180,7 @@ class serendipity_plugin_api
$plugin->install();
} else {
$serendipity['debug']['pluginload'][] = "Loading plugin failed painfully. File not found?";
echo '<span class="msg_error">' . ERROR . ': ' . $key . ' (' . $pluginPath . ')</span>';
echo '<span class="msg_error">' . ERROR . ': ' . htmlspecialchars($key) . ' (' . htmlspecialchars($pluginPath) . ')</span>';
}
return $key;