summaryrefslogtreecommitdiffstats
path: root/plugins/webinterface
diff options
context:
space:
mode:
authorDarrell Anderson <humanreadable@yahoo.com>2012-03-21 22:55:48 -0500
committerDarrell Anderson <humanreadable@yahoo.com>2012-03-21 22:55:48 -0500
commit5af9907fee05f882f8d2422e47198ebf61d97bb7 (patch)
tree5f31682a2cf6cb479b3170ec6d0d79f382397634 /plugins/webinterface
parentc6c4865cd4bb5b203de3a0db0cc2182b240570d3 (diff)
downloadktorrent-5af9907fee05f882f8d2422e47198ebf61d97bb7.tar.gz
ktorrent-5af9907fee05f882f8d2422e47198ebf61d97bb7.zip
Update ktorrent package to 2.2.8 and fix internal geoip database.
This resolves bug report 363.
Diffstat (limited to 'plugins/webinterface')
-rw-r--r--plugins/webinterface/httpserver.cpp8
-rw-r--r--plugins/webinterface/php_handler.cpp9
-rw-r--r--plugins/webinterface/php_handler.h3
3 files changed, 19 insertions, 1 deletions
diff --git a/plugins/webinterface/httpserver.cpp b/plugins/webinterface/httpserver.cpp
index 4d582a7..c85b7f1 100644
--- a/plugins/webinterface/httpserver.cpp
+++ b/plugins/webinterface/httpserver.cpp
@@ -433,6 +433,14 @@ namespace kt
const char* ptr = data.data();
Uint32 len = data.size();
int pos = TQString(data).find("\r\n\r\n");
+
+ if (!session.logged_in || !checkSession(hdr))
+ {
+ // You can't post torrents if you are not logged in
+ // or the session is not OK
+ redirectToLoginPage(hdlr);
+ return;
+ }
if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd')
{
diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp
index d2c2f55..cd8fd63 100644
--- a/plugins/webinterface/php_handler.cpp
+++ b/plugins/webinterface/php_handler.cpp
@@ -82,7 +82,9 @@ namespace kt
for ( it = args.begin(); it != args.end(); ++it )
{
- ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
+ // Check for string delimiters, don't want PHP injection attacks
+ if (!containsDelimiters(it.key()) && !containsDelimiters(it.data()))
+ ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
}
ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script
ts << flush;
@@ -98,6 +100,11 @@ namespace kt
#endif
return launch(data);
}
+
+ bool PhpHandler::containsDelimiters(const QString & str)
+ {
+ return str.contains("\"") || str.contains("'");
+ }
void PhpHandler::onExited()
{
diff --git a/plugins/webinterface/php_handler.h b/plugins/webinterface/php_handler.h
index 9644ad2..37a87e6 100644
--- a/plugins/webinterface/php_handler.h
+++ b/plugins/webinterface/php_handler.h
@@ -46,6 +46,9 @@ namespace kt
signals:
void finished();
+
+ private:
+ bool containsDelimiters(const QString & str);
private:
TQByteArray output;