Fix: Multiple directory traversal vulnerabilities with document.php

2025-12-15 22:11:36 +01:00 · 2012-02-27 17:02:56 +01:00
parent 1d0d820221
commit 8f9b9987ff
10 changed files with 70 additions and 66 deletions
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -257,7 +257,11 @@ function GETPOST($paramname,$check='',$method=0)
 		// Check if alpha
 		//if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
 		// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
-		if ($check == 'alpha' && preg_match('/"/',trim($out))) $out='';
+		if ($check == 'alpha')
+		{
+			if (preg_match('/"/',trim($out))) $out='';
+			else if (preg_match('/(\.\.\/)+/',trim($out))) $out='';
+		}
 	}

 	return $out;