kazhnuz/koblog
1
0
Fork 0
Code Issues 31 Pull requests Projects 3 Releases Packages Wiki Activity Actions

Fix #1246 Arbitrary zip/directory deletion vulnerability in backup plugin

Browse source
This commit is contained in:
Anaggh S 2020-10-01 23:33:59 +05:30
parent 9a82bd4f32
commit 96c21ed2ea
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bl-plugins/backup/plugin.php
View file

@ -290,6 +290,14 @@ class pluginBackup extends Plugin {
{ {
global $L; global $L;
// Prevent arbitrary deletion. Check if directory/zip backup exists
if (! in_array(
$this->zip ? "$filename.zip" : $filename,
array_map('basename', glob($this->workspace().'*')))
) {
return $this->response(400, sprintf($L->get("Invalid Backup '%s'"), $filename));
}
if ($this->zip) { if ($this->zip) {
// Zip format // Zip format
$tmp = $this->workspace().$filename.'.zip'; $tmp = $this->workspace().$filename.'.zip';