diff options
| author | nachoparker <nacho@ownyourbits.com> | 2018-10-27 17:00:15 +0300 |
|---|---|---|
| committer | nachoparker <nacho@ownyourbits.com> | 2018-10-27 17:00:15 +0300 |
| commit | 1758331c1875263b8b4a1176de1a0056d1f7d0c7 (patch) | |
| tree | ee15fa4f8ab6b594484e5d55075ad185f649b801 | |
| parent | 6446229a7db29564f297aecc64f56d7491d0caf4 (diff) | |
check for path transversalv0.64.11
| -rw-r--r-- | changelog.md | 8 | ||||
| -rw-r--r-- | ncp.sh | 3 | ||||
| -rwxr-xr-x | update.sh | 12 |
3 files changed, 19 insertions, 4 deletions
diff --git a/changelog.md b/changelog.md index 25e0bf7a..0382d4f9 100644 --- a/changelog.md +++ b/changelog.md @@ -1,9 +1,11 @@ -[v0.64.10](https://github.com/nextcloud/nextcloudpi/commit/f836c87) (2018-10-24) update: update sources +[v0.64.11](https://github.com/nextcloud/nextcloudpi/commit/89218e5) (2018-10-27) check for path transversal -[v0.64.9](https://github.com/nextcloud/nextcloudpi/commit/b847ad4) (2018-10-23) ncp-config: use simple characters +[v0.64.10](https://github.com/nextcloud/nextcloudpi/commit/26083e9) (2018-10-24) update: update sources -[v0.64.8 ](https://github.com/nextcloud/nextcloudpi/commit/dceacdf) (2018-10-22) ncp-web: update chinese translations +[v0.64.9 ](https://github.com/nextcloud/nextcloudpi/commit/54e5c21) (2018-10-23) ncp-config: use simple characters + +[v0.64.8 ](https://github.com/nextcloud/nextcloudpi/commit/9d998ae) (2018-10-22) ncp-web: update chinese translations [v0.64.7 ](https://github.com/nextcloud/nextcloudpi/commit/20a4147) (2018-10-21) ncp-web: update chinese translations @@ -130,7 +130,8 @@ EOF cat > /home/www/ncp-launcher.sh <<'EOF' #!/bin/bash DIR=/usr/local/etc/ncp-config.d -test -f $DIR/$1 || { echo "File not found"; exit 1; } +[[ -f $DIR/$1 ]] || { echo "File not found"; exit 1; } +[[ "$1" =~ ../ ]] && { echo "Forbidden path"; exit 2; } source /usr/local/etc/library.sh cd $DIR launch_script $1 @@ -218,6 +218,18 @@ EOF [[ "$( ls -l /etc/php/7.2/fpm/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.2/fpm/conf.d/*-opcache.ini | tail -1 )" [[ "$( ls -l /etc/php/7.2/cli/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.2/cli/conf.d/*-opcache.ini | tail -1 )" + # update launcher + cat > /home/www/ncp-launcher.sh <<'EOF' +#!/bin/bash +DIR=/usr/local/etc/ncp-config.d +[[ -f $DIR/$1 ]] || { echo "File not found"; exit 1; } +[[ "$1" =~ ../ ]] && { echo "Forbidden path"; exit 2; } +source /usr/local/etc/library.sh +cd $DIR +launch_script $1 +EOF + chmod 700 /home/www/ncp-launcher.sh + } # end - only live updates exit 0 |