[geeklog-devel] Testing of getimage.php
Vincent Furia
vmf at abtech.org
Wed Jan 7 23:41:31 EST 2004
Tony,
I'd recommend using the php function "basename()" on the $image
variable. That way there will be no way to sneak a path in... Also,
check to see if those $_CONF variables are empty. If not I could see
that causing some problems in the future. Also, for future reference,
rather than checking for ".." in a pathname you can use the "realpath()"
function to resolve "..", ".", and symbolic links to the actual path to
a file.
Hope this helps.
-Vinny
Dirk Haun wrote:
>Tony,
>
>>My only real issue with what I have done is security. I'm worried that
>>it may be possible to hack the getstring in a way that may allow access
>>to unrestricted files.
>
>Since you're including lib-common.php in the very first line, which then
>goes on to include config.php (all with hard-coded paths), it would
>overwrite whatever path was passed in the URL. So that shouldn't be a problem.
>
>The only issue would come up if someone doesn't have the
>$_CONF['path_images'] defined in their config.php (e.g. because they were
>using an old copy). But that would probably be noticed before any hacking
>attempts ...
>
>>and I am checking for '..' in the image name for someone who
>>may try using relative paths
>
>That certainly can't hurt.
>
>>If you get a chance, give it a try.
>
>Haven't tried it yet, the above were just thoughts after looking at the
>source.
>
>bye, Dirk
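The hardening Vinny recommends (basename() on the user-supplied name, an empty check on $_CONF['path_images'], realpath() instead of a ".." string search), put together in one function. This is an added example, not Geeklog's getimage.php; the function name resolveImagePath, the temporary directory and the sample file are constructed for the demonstration.

```php
<?php
// Added example (not Geeklog's own code): a hardened version of the path
// handling discussed for getimage.php. Assumes $_CONF['path_images'] holds
// the configured image directory; the demo directory below is constructed.

function resolveImagePath(array $conf, string $image): ?string
{
    // Refuse to serve anything if the base directory isn't configured
    // (the "check those $_CONF variables are empty" point).
    if (empty($conf['path_images'])) {
        return null;
    }

    // basename() strips every directory component, so "../../etc/passwd"
    // becomes "passwd" and cannot walk out of the image directory.
    $name = basename($image);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    // realpath() resolves ".", "..", and symlinks to the canonical path and
    // returns false when the target does not exist.
    $base = realpath($conf['path_images']);
    if ($base === false) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($full === false) {
        return null;
    }

    // The canonical file must still sit under the canonical base directory;
    // a symlink placed inside the image directory could otherwise point
    // anywhere on the filesystem.
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Demonstration against a constructed temporary image directory.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'getimage_demo_' . uniqid();
mkdir($tmp);
file_put_contents($tmp . DIRECTORY_SEPARATOR . 'logo.png', 'constructed sample bytes');
$conf = ['path_images' => $tmp];

var_dump(resolveImagePath($conf, 'logo.png'));                 // string: <tmp>/logo.png
var_dump(resolveImagePath($conf, 'sub/../logo.png'));          // string: basename() yields "logo.png"
var_dump(resolveImagePath($conf, '../../../etc/passwd'));      // NULL: "passwd" is not in the image dir
var_dump(resolveImagePath(['path_images' => ''], 'logo.png')); // NULL: base directory not configured

unlink($tmp . DIRECTORY_SEPARATOR . 'logo.png');
rmdir($tmp);
```

The prefix check after realpath() is the part a ".." search alone does not give you: even a name that survives basename() is only served when the canonical path of the file it resolves to lies inside the canonical image directory.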