diff options
| author | Michal Čihař <michal@cihar.com> | 2018-06-21 13:25:53 +0300 |
|---|---|---|
| committer | Michal Čihař <michal@cihar.com> | 2018-06-21 14:31:00 +0300 |
| commit | 7662d02939fb3cf6f0d9ec32ac664401dcfe7490 (patch) | |
| tree | 476acdb43165110b1cc412b2f70e9df54ba6202d | |
| parent | c27b9c12f2c268e0139378780abb436486aee919 (diff) | |
Avoid looking for ? when checking for file to be included
Signed-off-by: Michal Čihař <michal@cihar.com>
| -rw-r--r-- | index.php | 2 | ||||
| -rw-r--r-- | libraries/classes/Core.php | 10 | ||||
| -rw-r--r-- | test/classes/CoreTest.php | 22 |
3 files changed, 22 insertions, 12 deletions
@@ -56,7 +56,7 @@ if (! empty($_REQUEST['target']) && is_string($_REQUEST['target']) && ! preg_match('/^index/', $_REQUEST['target']) && ! in_array($_REQUEST['target'], $target_blacklist) - && Core::checkPageValidity($_REQUEST['target']) + && Core::checkPageValidity($_REQUEST['target'], [], true) ) { include $_REQUEST['target']; exit; diff --git a/libraries/classes/Core.php b/libraries/classes/Core.php index 4a0687ddea..d574138e37 100644 --- a/libraries/classes/Core.php +++ b/libraries/classes/Core.php @@ -435,12 +435,13 @@ class Core * checks given $page against given $whitelist and returns true if valid * it optionally ignores query parameters in $page (script.php?ignored) * - * @param string &$page page to check - * @param array $whitelist whitelist to check page against + * @param string &$page page to check + * @param array $whitelist whitelist to check page against + * @param boolean $include whether the page is going to be included * * @return boolean whether $page is valid or not (in $whitelist or not) */ - public static function checkPageValidity(&$page, array $whitelist = []) + public static function checkPageValidity(&$page, array $whitelist = [], $include = false) { if (empty($whitelist)) { $whitelist = self::$goto_whitelist; @@ -452,6 +453,9 @@ class Core if (in_array($page, $whitelist)) { return true; } + if ($include) { + return false; + } $_page = mb_substr( $page, diff --git a/test/classes/CoreTest.php b/test/classes/CoreTest.php index 7a04cf763c..ddda7b7010 100644 --- a/test/classes/CoreTest.php +++ b/test/classes/CoreTest.php @@ -267,9 +267,9 @@ class CoreTest extends PmaTestCase * * @dataProvider providerTestGotoNowhere */ - function testGotoNowhere($page, $whiteList, $expected) + function testGotoNowhere($page, $whiteList, $include, $expected) { - $this->assertSame($expected, Core::checkPageValidity($page, $whiteList)); + $this->assertSame($expected, Core::checkPageValidity($page, $whiteList, $include)); } /** @@ -280,12 +280,18 @@ class CoreTest extends PmaTestCase public function providerTestGotoNowhere() { return array( - array(null, [], false), - array('export.php', [], true), - array('export.php', $this->goto_whitelist, true), - array('shell.php', $this->goto_whitelist, false), - array('index.php?sql.php&test=true', $this->goto_whitelist, true), - array('index.php%3Fsql.php%26test%3Dtrue', $this->goto_whitelist, true), + array(null, [], false, false), + array(null, [], true, false), + array('export.php', [], false, true), + array('export.php', [], true, true), + array('export.php', $this->goto_whitelist, false, true), + array('export.php', $this->goto_whitelist, true, true), + array('shell.php', $this->goto_whitelist, false, false), + array('shell.php', $this->goto_whitelist, true, false), + array('index.php?sql.php&test=true', $this->goto_whitelist, false, true), + array('index.php?sql.php&test=true', $this->goto_whitelist, true, false), + array('index.php%3Fsql.php%26test%3Dtrue', $this->goto_whitelist, false, true), + array('index.php%3Fsql.php%26test%3Dtrue', $this->goto_whitelist, true, false), ); } |