Changeset 588

Timestamp: 09/26/06 22:48:56
Author: Rickard
Message:

Fixed avatars_dir NULL byte injection vulnerability (CVE-2006-4759).

Files:

  • trunk/upload/admin_options.php

    r232 r588  
    6363        if (substr($form['base_url'], -1) == '/') 
    6464                $form['base_url'] = substr($form['base_url'], 0, -1); 
     65 
     66        // Clean avatars_dir 
     67        $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']); 
    6568 
    6669        // Make sure avatars_dir doesn't end with a slash
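Review bot: Silently stripping NUL bytes with str_replace() on the new line 67 saves a value that is known to be malformed rather than rejecting it; returning a validation error for avatars_dir would be the safer choice, so an altered value is never written to the configuration. The placement is right, though: the cleanup runs before the "Make sure avatars_dir doesn't end with a slash" check, which a NUL after the trailing slash would otherwise bypass. The comment "// Clean avatars_dir" should also state the reason, e.g. "// Strip NUL bytes (CVE-2006-4759): filesystem calls stop at \0, truncating the path", so the next maintainer does not drop the line as redundant.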