Sharpen up call to 'dangerous' functions.
authordonal72 <donal72>
Thu, 2 Aug 2007 05:35:19 +0000 (05:35 +0000)
committerdonal72 <donal72>
Thu, 2 Aug 2007 05:35:19 +0000 (05:35 +0000)
mnet/xmlrpc/server.php

index e24338e1e064eefa371dc9cf199012ffec85acbc..91ad3711cbdca03088c9abb132e2f6af0d5bbdce 100644 (file)
@@ -482,12 +482,18 @@ function mnet_server_dispatch($payload) {
         } elseif ('dangerous' == $CFG->mnet_dispatcher_mode && $MNET_REMOTE_CLIENT->plaintext_is_ok()) {
 
             $functionname = array_pop($callstack);
-            $filename     = array_pop($callstack);
 
             if ($MNET_REMOTE_CLIENT->plaintext_is_ok()) {
 
+                $filename = clean_param(implode('/',$callstack), PARAM_PATH);
+                if (0 == preg_match("/php$/", $filename)) {
+                    // Filename doesn't end in 'php'; possible attack?
+                    // Generate error response - unable to locate function
+                    exit(mnet_server_fault(7012, 'nosuchfunction'));
+                } 
+
                 // The call stack holds the path to any include file
-                $includefile = $CFG->dirroot.'/'.implode('/',$callstack).'/'.$filename.'.php';
+                $includefile = $CFG->dirroot.'/'.$filename;
 
                 $response = mnet_server_invoke_method($includefile, $functionname, $method, $payload);
                 echo $response;
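Review bot: The new guard `if (0 == preg_match("/php$/", $filename))` accepts any cleaned path whose last three characters are `php`, not only `.php` files, and an unmodified `$` anchor also matches before a trailing newline; `if (0 == preg_match('/\.php$/D', $filename)) {` is the stricter form and costs nothing. Confinement to the web root now rests entirely on `clean_param(..., PARAM_PATH)` stripping `..` segments before the value is joined onto `$CFG->dirroot` — presumably it does, but a comment stating that dependency next to the `$includefile` assignment would make the reliance explicit, e.g. `// PARAM_PATH is expected to have removed '..' and backslashes; the path must stay under dirroot`. `$functionname`, popped from the same remote-supplied call stack, gets no check in this hunk and is handed to mnet_server_invoke_method as-is, which may or may not validate it. The inner `plaintext_is_ok()` test duplicates the one in the enclosing `elseif`, so the failure branch of the inner `if` appears unreachable. mnet_server_dispatch begins before and ends after this hunk.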