author | Darrell Anderson <humanreadable@yahoo.com> | 2012-03-21 22:55:48 -0500 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2012-06-06 03:48:52 +0200 |
commit | efc0041311ffa4d2d6172e2dd7cb72b6d98cc77e (patch) | |
tree | 6c513e2d1bddbc079722d87353a4e7520ee01a23 /plugins | |
parent | c230af4e94074f5e9668b6fb38a13a8988491af6 (diff) | |
Update ktorrent package to 2.2.8 and fix internal geoip database.
This resolves bug report 363.
(cherry picked from commit 5af9907fee05f882f8d2422e47198ebf61d97bb7)
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/infowidget/geoip/geoip.dat | bin | 1025467 -> 1025470 bytes | |||
-rw-r--r-- | plugins/rssfeed/rssfeed.cpp | 13 | ||||
-rw-r--r-- | plugins/stats/ChartDrawer.h | 2 | ||||
-rw-r--r-- | plugins/webinterface/httpserver.cpp | 8 | ||||
-rw-r--r-- | plugins/webinterface/php_handler.cpp | 9 | ||||
-rw-r--r-- | plugins/webinterface/php_handler.h | 3 |
6 files changed, 31 insertions, 4 deletions
diff --git a/plugins/infowidget/geoip/geoip.dat b/plugins/infowidget/geoip/geoip.dat Binary files differindex 11f1f6b..1f7ca0f 100644 --- a/plugins/infowidget/geoip/geoip.dat +++ b/plugins/infowidget/geoip/geoip.dat diff --git a/plugins/rssfeed/rssfeed.cpp b/plugins/rssfeed/rssfeed.cpp index 2b70193..a281da0 100644 --- a/plugins/rssfeed/rssfeed.cpp +++ b/plugins/rssfeed/rssfeed.cpp @@ -195,11 +195,18 @@ namespace kt if (file.exists()) { - file.open( IO_ReadOnly ); + try + { + file.open( IO_ReadOnly ); TQDataStream in(&file); - in >> m_articles; - emit articlesChanged( m_articles ); + in >> m_articles; + emit articlesChanged( m_articles ); + } + catch (...) + { + m_articles.clear(); + } } } diff --git a/plugins/stats/ChartDrawer.h b/plugins/stats/ChartDrawer.h index 2345f14..0e536ac 100644 --- a/plugins/stats/ChartDrawer.h +++ b/plugins/stats/ChartDrawer.h @@ -23,6 +23,8 @@ #include <stdint.h> +#include <stdint.h> //uint32_t, int64_t + #include <tqwidget.h> #include <tqpainter.h> #include <tqstring.h> diff --git a/plugins/webinterface/httpserver.cpp b/plugins/webinterface/httpserver.cpp index 4d582a7..c85b7f1 100644 --- a/plugins/webinterface/httpserver.cpp +++ b/plugins/webinterface/httpserver.cpp @@ -433,6 +433,14 @@ namespace kt const char* ptr = data.data(); Uint32 len = data.size(); int pos = TQString(data).find("\r\n\r\n"); + + if (!session.logged_in || !checkSession(hdr)) + { + // You can't post torrents if you are not logged in + // or the session is not OK + redirectToLoginPage(hdlr); + return; + } if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd') { diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp index d2c2f55..cd8fd63 100644 --- a/plugins/webinterface/php_handler.cpp +++ b/plugins/webinterface/php_handler.cpp 
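Review bot: In the rssfeed.cpp hunk the result of `file.open( IO_ReadOnly )` is still unchecked inside the new `try`, so a file that exists but cannot be opened goes straight on to `in >> m_articles`; wrap the read in `if (file.open( IO_ReadOnly )) { ... }`. The `catch (...)` discards every failure without logging. After `m_articles.clear()` no `articlesChanged` is emitted, so listeners may keep showing stale articles. Whether the TQDataStream operators throw on a truncated or corrupt file is not visible here; if they report errors some other way, this handler never runs. The enclosing function starts outside the hunk.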
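Review bot: In the httpserver.cpp hunk the login check is placed after `TQString(data).find("\r\n\r\n")`, so the body of an unauthenticated POST is still copied into a TQString and scanned before the request is rejected. Move the `if (!session.logged_in || !checkSession(hdr))` block up so it is the first statement of the handler, ahead of any work on `data`. The condition reads `hdr` while the redirect uses `hdlr`; both come from a signature outside the hunk, so confirm they are the request header and the client handler respectively. It would also help to log the rejected attempt before `redirectToLoginPage(hdlr)` so repeated unauthenticated uploads are visible to the operator.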
@@ -82,7 +82,9 @@ namespace kt for ( it = args.begin(); it != args.end(); ++it ) { - ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); + // Check for string delimiters, don't want PHP injection attacks + if (!containsDelimiters(it.key()) && !containsDelimiters(it.data())) + ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); } ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script ts << flush; @@ -98,6 +100,11 @@ namespace kt #endif return launch(data); } + + bool PhpHandler::containsDelimiters(const QString & str) + { + return str.contains("\"") || str.contains("'"); + } void PhpHandler::onExited() { diff --git a/plugins/webinterface/php_handler.h b/plugins/webinterface/php_handler.h index 197bdb7..8bffe02 100644 --- a/plugins/webinterface/php_handler.h +++ b/plugins/webinterface/php_handler.h @@ -46,6 +46,9 @@ namespace kt signals: void finished(); + + private: + bool containsDelimiters(const QString & str); private: TQByteArray output; |
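Review bot: The filter added in the `for` loop of php_handler.cpp rejects only `"` and `'`, but the value is written into a double-quoted PHP literal, where backslash and `$` are still interpreted, and the key sits in a single-quoted literal where a backslash also affects how the string ends. A denylist of two characters is fragile for text that becomes source code; prefer escaping or an allowlist, for example emitting the value single-quoted after escaping `\` and `'`, and accepting only keys that match a conservative identifier pattern. Parameters that fail the check are dropped silently, so the script then runs with a partial `$_REQUEST`; rejecting the whole request, or at least logging the drop, would be easier to reason about. The enclosing function starts outside the hunk.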
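Review bot: `containsDelimiters` is declared with `const QString &` while the surrounding code uses `TQString`; use `const TQString & str` both in the definition in php_handler.cpp and in the declaration added to php_handler.h. The function reads no member state, so it could be `static` or a file-local helper in an anonymous namespace, which would also avoid the second `private:` section the header hunk introduces. A short comment on the helper, such as `// true if str contains a quote character that would end a PHP string literal`, would make clear which output context the check is meant to protect.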