diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/infowidget/geoip/geoip.dat | bin | 1025467 -> 1025470 bytes | |||
-rw-r--r-- | plugins/rssfeed/rssfeed.cpp | 13 | ||||
-rw-r--r-- | plugins/stats/ChartDrawer.h | 2 | ||||
-rw-r--r-- | plugins/webinterface/httpserver.cpp | 8 | ||||
-rw-r--r-- | plugins/webinterface/php_handler.cpp | 9 | ||||
-rw-r--r-- | plugins/webinterface/php_handler.h | 3 |
6 files changed, 31 insertions, 4 deletions
diff --git a/plugins/infowidget/geoip/geoip.dat b/plugins/infowidget/geoip/geoip.dat Binary files differindex 11f1f6b..1f7ca0f 100644 --- a/plugins/infowidget/geoip/geoip.dat +++ b/plugins/infowidget/geoip/geoip.dat diff --git a/plugins/rssfeed/rssfeed.cpp b/plugins/rssfeed/rssfeed.cpp index a067edd..119b9b2 100644 --- a/plugins/rssfeed/rssfeed.cpp +++ b/plugins/rssfeed/rssfeed.cpp @@ -195,11 +195,18 @@ namespace kt if (file.exists()) { - file.open( IO_ReadOnly ); + try + { + file.open( IO_ReadOnly ); TQDataStream in(&file); - in >> m_articles; - emit articlesChanged( m_articles ); + in >> m_articles; + emit articlesChanged( m_articles ); + } + catch (...) + { + m_articles.clear(); + } } } diff --git a/plugins/stats/ChartDrawer.h b/plugins/stats/ChartDrawer.h index 912d153..3dc2f48 100644 --- a/plugins/stats/ChartDrawer.h +++ b/plugins/stats/ChartDrawer.h @@ -23,6 +23,8 @@ #include <stdint.h> +#include <stdint.h> //uint32_t, int64_t + #include <tqwidget.h> #include <tqpainter.h> #include <tqstring.h> diff --git a/plugins/webinterface/httpserver.cpp b/plugins/webinterface/httpserver.cpp index 4d582a7..c85b7f1 100644 --- a/plugins/webinterface/httpserver.cpp +++ b/plugins/webinterface/httpserver.cpp @@ -433,6 +433,14 @@ namespace kt const char* ptr = data.data(); Uint32 len = data.size(); int pos = TQString(data).find("\r\n\r\n"); + + if (!session.logged_in || !checkSession(hdr)) + { + // You can't post torrents if you are not logged in + // or the session is not OK + redirectToLoginPage(hdlr); + return; + } if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd') { diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp index d2c2f55..cd8fd63 100644 --- a/plugins/webinterface/php_handler.cpp +++ b/plugins/webinterface/php_handler.cpp @@ -82,7 +82,9 @@ namespace kt for ( it = args.begin(); it != args.end(); ++it ) { - ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); + // Check for string delimiters, don't want PHP injection attacks + if (!containsDelimiters(it.key()) && !containsDelimiters(it.data())) + ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); } ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script ts << flush; @@ -98,6 +100,11 @@ namespace kt #endif return launch(data); } + + bool PhpHandler::containsDelimiters(const QString & str) + { + return str.contains("\"") || str.contains("'"); + } void PhpHandler::onExited() { diff --git a/plugins/webinterface/php_handler.h b/plugins/webinterface/php_handler.h index 9644ad2..37a87e6 100644 --- a/plugins/webinterface/php_handler.h +++ b/plugins/webinterface/php_handler.h @@ -46,6 +46,9 @@ namespace kt signals: void finished(); + + private: + bool containsDelimiters(const QString & str); private: TQByteArray output; |