From 5af9907fee05f882f8d2422e47198ebf61d97bb7 Mon Sep 17 00:00:00 2001 From: Darrell Anderson Date: Wed, 21 Mar 2012 22:55:48 -0500 Subject: Update ktorrent package to 2.2.8 and fix internal geoip database. This resolves bug report 363. --- plugins/webinterface/httpserver.cpp | 8 ++++++++ plugins/webinterface/php_handler.cpp | 9 ++++++++- plugins/webinterface/php_handler.h | 3 +++ 3 files changed, 19 insertions(+), 1 deletion(-) (limited to 'plugins/webinterface') diff --git a/plugins/webinterface/httpserver.cpp b/plugins/webinterface/httpserver.cpp index 4d582a7..c85b7f1 100644 --- a/plugins/webinterface/httpserver.cpp +++ b/plugins/webinterface/httpserver.cpp @@ -433,6 +433,14 @@ namespace kt const char* ptr = data.data(); Uint32 len = data.size(); int pos = TQString(data).find("\r\n\r\n"); + + if (!session.logged_in || !checkSession(hdr)) + { + // You can't post torrents if you are not logged in + // or the session is not OK + redirectToLoginPage(hdlr); + return; + } if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd') { diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp index d2c2f55..cd8fd63 100644 --- a/plugins/webinterface/php_handler.cpp +++ b/plugins/webinterface/php_handler.cpp @@ -82,7 +82,9 @@ namespace kt for ( it = args.begin(); it != args.end(); ++it ) { - ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); + // Check for string delimiters, don't want PHP injection attacks + if (!containsDelimiters(it.key()) && !containsDelimiters(it.data())) + ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data()); } ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script ts << flush; @@ -98,6 +100,11 @@ namespace kt #endif return launch(data); } + + bool PhpHandler::containsDelimiters(const QString & str) + { + return str.contains("\"") || str.contains("'"); + } void PhpHandler::onExited() { diff --git a/plugins/webinterface/php_handler.h b/plugins/webinterface/php_handler.h index 9644ad2..37a87e6 100644 --- a/plugins/webinterface/php_handler.h +++ b/plugins/webinterface/php_handler.h @@ -46,6 +46,9 @@ namespace kt signals: void finished(); + + private: + bool containsDelimiters(const QString & str); private: TQByteArray output; -- cgit v1.2.1