diff options
author | Darrell Anderson <humanreadable@yahoo.com> | 2012-03-21 22:55:48 -0500 |
---|---|---|
committer | Darrell Anderson <humanreadable@yahoo.com> | 2012-03-21 22:55:48 -0500 |
commit | 5af9907fee05f882f8d2422e47198ebf61d97bb7 (patch) | |
tree | 5f31682a2cf6cb479b3170ec6d0d79f382397634 /plugins/webinterface | |
parent | c6c4865cd4bb5b203de3a0db0cc2182b240570d3 (diff) | |
download | ktorrent-5af9907fee05f882f8d2422e47198ebf61d97bb7.tar.gz ktorrent-5af9907fee05f882f8d2422e47198ebf61d97bb7.zip |
Update ktorrent package to 2.2.8 and fix internal geoip database.
This resolves bug report 363.
Diffstat (limited to 'plugins/webinterface')
-rw-r--r-- | plugins/webinterface/httpserver.cpp | 8 | ||||
-rw-r--r-- | plugins/webinterface/php_handler.cpp | 9 | ||||
-rw-r--r-- | plugins/webinterface/php_handler.h | 3 |
3 files changed, 19 insertions, 1 deletions
diff --git a/plugins/webinterface/httpserver.cpp b/plugins/webinterface/httpserver.cpp index 4d582a7..c85b7f1 100644 --- a/plugins/webinterface/httpserver.cpp +++ b/plugins/webinterface/httpserver.cpp @@ -433,6 +433,14 @@ namespace kt const char* ptr = data.data(); Uint32 len = data.size(); int pos = TQString(data).find("\r\n\r\n"); + + if (!session.logged_in || !checkSession(hdr)) + { + // You can't post torrents if you are not logged in + // or the session is not OK + redirectToLoginPage(hdlr); + return; + } if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd') { diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp index d2c2f55..cd8fd63 100644 --- a/plugins/webinterface/php_handler.cpp +++ b/plugins/webinterface/php_handler.cpp @@ -82,7 +82,9 @@ namespace kt for ( it = args.begin(); it != args.end(); ++it ) { - ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); + // Check for string delimiters, don't want PHP injection attacks + if (!containsDelimiters(it.key()) && !containsDelimiters(it.data())) + ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); } ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script ts << flush; @@ -98,6 +100,11 @@ namespace kt #endif return launch(data); } + + bool PhpHandler::containsDelimiters(const QString & str) + { + return str.contains("\"") || str.contains("'"); + } void PhpHandler::onExited() { diff --git a/plugins/webinterface/php_handler.h b/plugins/webinterface/php_handler.h index 9644ad2..37a87e6 100644 --- a/plugins/webinterface/php_handler.h +++ b/plugins/webinterface/php_handler.h @@ -46,6 +46,9 @@ namespace kt signals: void finished(); + + private: + bool containsDelimiters(const QString & str); private: TQByteArray output; |