Fix security hole

Laurent Destailleur 2015-04-21 11:41:21 +02:00
parent 94589b9935
commit 7a4d1d990e


@ -67,12 +67,15 @@ $conffiletoshow = "htdocs/conf/conf.php";
//$conffile = "/etc/dolibarr/conf.php";
//$conffiletoshow = "/etc/dolibarr/conf.php";
//replace conf filename with "conf" parameter on url by GET
if (!empty($_GET['conf'])) {
setcookie('dolconf', $_GET['conf'],0,'/');
$conffile = 'conf/' . $_GET['conf'] . '.php';
// Replace conf filename with "conf" parameter on url by GET
if (! empty($_GET['conf']))
{
$confname=basename($_GET['conf']);
setcookie('dolconf', $confname, 0, '/');
$conffile = 'conf/'.$confname.'.php';
} else {
$conffile = 'conf/' . (!empty($_COOKIE['dolconf']) ? $_COOKIE['dolconf'] : 'conf') . '.php';
$confname=basename(empty($_COOKIE['dolconf']) ? 'conf' : $_COOKIE['dolconf']);
$conffile = 'conf/'.$confname.'.php';
}
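Review bot: `basename()` alone does not restrict the character set of the config name in either branch. It strips directory components from `$_GET['conf']` and `$_COOKIE['dolconf']`, but any other byte still reaches `$conffile` and the `dolconf` cookie. An allowlist check after each `basename()` call would pin the name to what the installer expects, for example `if (! preg_match('/\A[A-Za-z0-9_-]+\z/', $confname)) $confname='conf';`. Both branches now sanitise the same way, so the value could be selected first (GET, then cookie, then `'conf'`) and cleaned once, which keeps the two copies from drifting apart. How `$conffile` is consumed lies outside this hunk, so the effect of an unexpected name is inferred rather than shown here.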