authorjhunkeler <jhunkeler@c5b2fb0a-d05d-0410-98c8-828840a80ff6>2009-12-23 23:09:43 -0500
committerjhunkeler <jhunkeler@c5b2fb0a-d05d-0410-98c8-828840a80ff6>2009-12-23 23:09:43 -0500
commitc2f9018513eb8d61721382a18055bcded2ca7551 (patch)
treed540c5b2733593662f67de691395f342b4f1837a /modules.php
parentb46318283ca6016f07e3e419f778dd69081ad660 (diff)
downloadbayonetcms-c2f9018513eb8d61721382a18055bcded2ca7551.tar.gz
Improved human readability.
Now protecting against symbolic links to modules/files. Removed useless denychars code. git-svn-id: http://svn.3rd-infantry-division.org/testing/branches/Bayonet CMS v2@397 c5b2fb0a-d05d-0410-98c8-828840a80ff6
Diffstat (limited to 'modules.php')
-rw-r--r--modules.php118
1 files changed, 65 insertions, 53 deletions
diff --git a/modules.php b/modules.php
index c35a351..e576881 100644
--- a/modules.php
+++ b/modules.php
@@ -18,41 +18,28 @@
*/
define("MODULE_FILE",true);
-
global $load,$index_module;
+/**
+ * Assign _GET variables
+ */
if(isset($_GET['load']))
$load = $_GET['load'];
if(isset($_GET['file']))
$file = $_GET['file'];
+/**
+ * Determine the default module to load
+ */
if(is_null($load))
{
- $load = $config['modules']['default'];
-}
-
-$deny_chars = $config['modules']['deny_chars'];
-
-$load_temp = $load;
-
-/*
- * broken i guess.
-for($chars = 0; $chars <= strlen($load_temp); ++$chars)
-{
- foreach($deny_chars as $deny)
- {
- if($load_temp[$chars] == $deny)
- {
- OpenTable();
- ReportHack("Invalid characters detected.\n");
- CloseTable();
- }
- }
+ $load = $config['modules']['default'];
}
-*/
-/* If the error stack has recieved messages, output each failure in a clean fashion */
+/**
+ * If the error stack has recieved messages, output each failure in a clean fashion
+ */
global $error_stack_messages;
if(!empty($error_stack_messages))
{
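Review bot: The comments added above the `_GET` assignment, the default-module block and the error-stack block use `/** … */` docblock syntax on plain `if` statements; phpDocumentor and IDEs attach a docblock to the next declared symbol, so section comments like these should be `//` or `/* … */` (the `/** Sanity Check` blocks in the second hunk have the same issue). The added line `If the error stack has recieved messages, output each failure in a clean fashion` also carries a typo — `received`. Since the only validation this hunk removes (the `deny_chars` loop) was already commented out, nothing in this hunk constrains `$load` or `$file` before they are used to build include paths further down; that point is raised on the second hunk.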
@@ -65,45 +52,70 @@ if(!empty($error_stack_messages))
//exit(1);
}
-if(isset($load) && !empty($load) && !isset($file))
+$module_path = "modules/" . $load;
+$module_index = $module_path . "/index.php";
+$module_internal_file = "modules/" . $load . "/" . $file;
+
+/** Sanity Check
+ * If the module or a file associated with the module is a symbolic link then
+ * commit suicide. Symbolic links to malicious code can be dangerous.
+ */
+if(isset($load) || isset($file))
{
- if(file_exists("modules/" . $load))
- {
- include 'modules/' . $load . '/index.php';
- decho("'$load' module loaded");
- }
- else
- {
- ReportError("Cannot load module directory.<br>\n");
- }
+ if(is_link($module_path))
+ {
+ decho("Refusing to follow symbolic link to '$load'");
+ exit(1);
+ }
+
+ if(is_link($module_internal_file))
+ {
+ decho("Refusing to follow symbolic link to '$file'");
+ exit(1);
+ }
}
-elseif(isset($load) && isset($file))
-{
- if(file_exists("modules/" . $load))
- {
- //$file_temp = explode('.',$file);
- //$file = $file_temp[0];
-
- $run = "modules/" . $load . "/" . $file;
-
- if(file_exists($run))
- {
- include $run;
- decho("Loaded '$file' file from $load module");
+
+/** Sanity Check
+ * Determine if the module or file passed into $load actually exists
+ * If everything checks out, load the module or file, else commit suicide.
+ */
+if(isset($load) && !empty($load) && !isset($file))
+{
+ if(file_exists($module_path))
+ {
+ include $module_index;
+ decho("'$load' module loaded");
}
else
{
- ReportError("Cannot load module directory.<br>\n");
+ ReportError("Cannot load module directory.<br>\n");
}
- }
- else
- {
- ReportError("Cannot load module file.<br>\n");
- }
+}
+/**
+ * Load an internal module file
+ */
+elseif(isset($load) && isset($file))
+{
+ if(file_exists($module_path))
+ {
+ if(file_exists($module_internal_file))
+ {
+ include $module_internal_file;
+ decho("Loaded '$file' file from $load module");
+ }
+ else
+ {
+ ReportError("Cannot load module directory.<br>\n");
+ }
+ }
+ else
+ {
+ ReportError("Cannot load module file.<br>\n");
+ }
}
else
{
- ReportError("Failure to load module.<br>\n");
+ ReportError("Failure to load module.<br>\n");
}
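Review bot: The new `is_link()` sanity check does not confine `$load` or `$file` to the `modules/` tree, so a value carrying path separators or parent-directory components is not a link, passes `file_exists()`, and reaches `include $module_index` / `include $module_internal_file` unchanged — and with the `deny_chars` filter gone from the first hunk there is no character or path validation left at all. A single-component whitelist on `$load` plus a `realpath()` containment check on `$module_internal_file` closes this; `realpath()` also resolves symlinks, so a link whose target stays inside the module directory is still allowed while one pointing outside is rejected, complementing the `is_link()` checks. `$module_internal_file` is also built before `isset($file)` is known, so a module-only request concatenates an undefined `$file` (E_NOTICE) and calls `is_link()` on a path ending in `/`; building it inside the `isset($file)` branch avoids both. Note too that the two `ReportError` messages in the `elseif` branch remain swapped relative to their conditions (`module directory` is reported when the file is missing, `module file` when the directory is).
```php
$module_path = "modules/" . $load;
$module_index = $module_path . "/index.php";
/* … unchanged: $module_internal_file … */

/* Sanity Check
 * $load must be a single directory name; $file, when given, must resolve
 * to a location inside that module's directory.
 */
if(!preg_match('/^[A-Za-z0-9_-]+$/', $load))
{
    ReportError("Invalid module name.<br>\n");
    exit(1);
}
if(isset($file))
{
    $real_module = realpath($module_path);
    $real_file = realpath($module_internal_file);
    if($real_module === false || $real_file === false
        || strncmp($real_file, $real_module . DIRECTORY_SEPARATOR, strlen($real_module) + 1) !== 0)
    {
        ReportError("Invalid module file.<br>\n");
        exit(1);
    }
}
/* … unchanged: is_link checks and include branches … */
```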