Changeset 3695

Show
Ignore:
Timestamp:
07/06/07 00:51:55 (1 year ago)
Author:
timothy
Message:

Make sure the requested file is contained within the expected root directory.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/Models/JVStyle.m

    r3615 r3695  
    445445        if( path ) return [NSURL fileURLWithPath:path]; 
    446446 
    447         path = [[NSString stringWithFormat:@"~/Library/Application Support/%@/Styles/Variants/%@/%@.css", [[NSBundle mainBundle] objectForInfoDictionaryKey:@"CFBundleName"], [self identifier], name] stringByExpandingTildeInPath]; 
    448         if( [[NSFileManager defaultManager] isReadableFileAtPath:path] ) 
     447        NSString *root = [[NSString stringWithFormat:@"~/Library/Application Support/%@/Styles/Variants/", [[NSBundle mainBundle] objectForInfoDictionaryKey:@"CFBundleName"]] stringByStandardizingPath]; 
     448        path = [[NSString stringWithFormat:@"%@/%@/%@.css", root, [self identifier], name] stringByExpandingTildeInPath]; 
     449        if( [path hasPrefix:root] && [[NSFileManager defaultManager] isReadableFileAtPath:path] ) 
    449450                return [NSURL fileURLWithPath:path]; 
    450451 

  • trunk/Plug-Ins/Web Interface/JVWebInterfacePlugin.m

    r3677 r3695  
    110110        path = [NSString pathWithComponents:parts]; 
    111111        path = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:path]; 
    112  
    113         passThruFile( path, req, resp, server ); 
     112        path = [path stringByStandardizingPath]; 
     113 
     114        if( ! [path hasPrefix:[[NSBundle mainBundle] resourcePath]] ) { 
     115                resp -> status_code = 404; 
     116                resp -> reason_phrase = "Not Found"; 
     117                resp -> printf( resp, "404: Not Found" ); 
     118                return; 
     119        } 
     120 
     121        if( path && [path length] ) 
     122                passThruFile( path, req, resp, server ); 
    114123 
    115124        [pool release]; 
     
    159168        } else { 
    160169                path = [[[style bundle] resourcePath] stringByAppendingPathComponent:path]; 
    161         } 
    162  
    163         passThruFile( path, req, resp, server ); 
     170                path = [path stringByStandardizingPath]; 
     171         
     172                if( ! [path hasPrefix:[[style bundle] resourcePath]] ) { 
     173                        resp -> status_code = 404; 
     174                        resp -> reason_phrase = "Not Found"; 
     175                        resp -> printf( resp, "404: Not Found" ); 
     176                        return; 
     177                } 
     178        } 
     179 
     180        if( path && [path length] ) 
     181                passThruFile( path, req, resp, server ); 
    164182 
    165183        [pool release]; 
     
    192210        path = [NSString pathWithComponents:parts]; 
    193211        path = [[emoticons resourcePath] stringByAppendingPathComponent:path]; 
    194  
    195         passThruFile( path, req, resp, server ); 
     212        path = [path stringByStandardizingPath]; 
     213 
     214        if( ! [path hasPrefix:[emoticons resourcePath]] ) { 
     215                resp -> status_code = 404; 
     216                resp -> reason_phrase = "Not Found"; 
     217                resp -> printf( resp, "404: Not Found" ); 
     218                return; 
     219        } 
     220 
     221        if( path && [path length] ) 
     222                passThruFile( path, req, resp, server ); 
    196223 
    197224        [pool release];