* Fix LFI exploit (Thanks jsifuentes)
peace-maker committed Dec 7, 2014
1 parent 83fa118 commit e526ead
Showing 2 changed files with 4 additions and 2 deletions.
4 changes: 3 additions & 1 deletion web_upload/getdemo.php
Expand Up @@ -30,7 +30,9 @@
die('Demo not found.');
}

if(!file_exists(SB_DEMOS . "/" . $demo['filename']))
$demo['filename'] = basename($demo['filename']);

if(!in_array($demo['filename'], scandir(SB_DEMOS)) || !file_exists(SB_DEMOS . "/" . $demo['filename']))
{
die('File not found.');
}
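Review bot: The new existence check on the rebuilt filename still accepts directory entries, because `scandir()` lists `.` and `..` and `file_exists()` returns true for directories, so a stored name that `basename()` reduces to `.` passes both tests. Tightening the condition to `if(!in_array($demo['filename'], scandir(SB_DEMOS), true) || !is_file(SB_DEMOS . "/" . $demo['filename']))` rejects directories and also makes the membership test a strict string comparison instead of PHP's loose `==`. How `$demo['filename']` is consumed after this block lies outside the hunk, so the effect of a directory slipping through cannot be judged here.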
2 changes: 1 addition & 1 deletion web_upload/includes/sb-callback.php
Expand Up @@ -1759,7 +1759,7 @@ function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason,
$_SERVER['REMOTE_ADDR']));
$subid = $GLOBALS['db']->Insert_ID();

if($dname && $dfile)
if($dname && $dfile && preg_match('/^[a-z0-9]*$/i', $dfile))
{
$GLOBALS['db']->Execute("INSERT INTO ".DB_PREFIX."_demos(demid,demtype,filename,origname)
VALUES(?,'B', ?, ?)", array((int)$subid, $dfile, $dname));
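Review bot: The `$` anchor in the new `preg_match('/^[a-z0-9]*$/i', $dfile)` guard also matches before a single trailing newline, so a value ending in `\n` satisfies the allow-list and is stored as-is; `preg_match('/^[a-z0-9]+$/iD', $dfile)` (or `\A…\z` anchors) makes the whole string match. The `+` additionally states the non-empty requirement in the pattern itself rather than leaving it to the truthiness test on `$dfile`, which as written also silently skips a file literally named `'0'`. A one-line comment such as `// allow-list: filename must be plain alphanumerics so getdemo.php can trust it` would record why the check lives here, assuming the stored `filename` is what getdemo.php later resolves. `AddBan` begins and ends outside the hunk.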
