lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX CVE-2019-11199

Browse Source
This commit is contained in:
Laurent Destailleur 2019-04-25 23:36:19 +02:00
parent 63c0ab93fb
commit 9760ed5c8d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/viewimage.php
View File

@ -169,6 +169,9 @@ $type = 'application/octet-stream';
if (GETPOST('type','alpha')) $type=GETPOST('type','alpha'); if (GETPOST('type','alpha')) $type=GETPOST('type','alpha');
else $type=dol_mimetype($original_file); else $type=dol_mimetype($original_file);
// Security: This wrapper is for images. We do not allow type/html
if (preg_match('/html/', $type)) accessforbidden('Error: Using the image wrapper to output a file with a mime type HTML is not possible.', 1, 1, 1);
// Security: Delete string ../ into $original_file // Security: Delete string ../ into $original_file
$original_file = str_replace("../","/", $original_file); $original_file = str_replace("../","/", $original_file);
@ -176,7 +179,7 @@ $original_file = str_replace("../","/", $original_file);
$refname=basename(dirname($original_file)."/"); $refname=basename(dirname($original_file)."/");
// Security check // Security check
if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart'); if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 1, 1, 1);
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname); $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
$accessallowed = $check_access['accessallowed']; $accessallowed = $check_access['accessallowed'];