From 6c8e8b5ed4df3dbdb930038ea11cb6159f070bc5 Mon Sep 17 00:00:00 2001
From: moodler
Date: Fri, 9 May 2003 02:05:16 +0000
Subject: [PATCH] IMPORTANT SECURITY FIX: this prevents bad characters being passed to help.php
---
 help.php | 14 +++++++-------
 lib/weblib.php | 22 ++++++++++++++--------
 2 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/help.php b/help.php
index 6a11214009..abcfb995d4 100644
--- a/help.php
+++ b/help.php
@@ -14,8 +14,8 @@
 print_header();
- if (ereg("\\.\\.", $file)) {
- error("Filenames can not contain \"..\"");
+ if (detect_munged_arguments("$module/$file")) {
+ error("Filenames contain illegal characters!");
 }
 if ($file) {
@@ -28,7 +28,7 @@
 if (file_exists("$filepath")) {
 require_once("$filepath"); // Chosen language
- } else { // Fall back to English
+ } else { // Fall back to English
 if ($module == "moodle") {
 $filepath = "$CFG->dirroot/lang/en/help/$file";
 } else {
@@ -43,13 +43,13 @@
 }
 }
 } else {
- echo "
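Review bot: The new guard on the `if (detect_munged_arguments("$module/$file"))` line is a character denylist, yet `$module` and `$file` still end up in an include path in the following hunk (`$filepath = "$CFG->dirroot/lang/en/help/$file"` feeding `require_once("$filepath")`), so any value the three patterns do not name still reaches the filesystem. For a path that is later included, an allowlist is the safer shape: reject unless the value has the expected form, and keep the existing helper for the `..` case, e.g. `if (!ereg("^[A-Za-z0-9_/.-]+$", "$module/$file") || detect_munged_arguments("$module/$file")) {`. The check sits in help.php's top-level script body, so there is no enclosing function to document; a one-line comment above it stating what the allowed set is would help the next reader.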

"; + echo "

"; echo $text; - echo "

"; + echo "

";      }      close_window_button(); ?> - - + +
diff --git a/lib/weblib.php b/lib/weblib.php
index 32a4970b84..de56c773ab 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -378,6 +378,19 @@ function validate_email ($address) {
 $address));
 }
+function detect_munged_arguments($string) {
+ if (ereg("\.\.", $string)) { // check for parent URLs
+ return true;
+ }
+ if (ereg("\|", $string)) { // check for pipes
+ return true;
+ }
+ if (ereg("\'", $string)) { // check for backquotes
+ return true;
+ }
+ return false;
+}
 function get_slash_arguments($file="file.php") {
 /// Searches the current environment variables for some slash arguments
@@ -398,16 +411,9 @@ function parse_slash_arguments($string, $i=0) {
 /// Extracts arguments from "/foo/bar/something"
 /// eg http://mysite.com/script.php/foo/bar/something
- if (strpos($string, "..")) { // check for parent URLs
- return false;
- }
- if (strpos($string, "|")) { // check for pipes
+ if (detect_munged_arguments($string)) {
 return false;
 }
- if (strpos($string, "`")) { // check for backquotes
- return false;
- }
-
 $args = explode("/", $string);
 if ($i) { // return just the required argument
--
2.39.5
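Review bot: The third check in `detect_munged_arguments` is commented `// check for backquotes` but its pattern `\'` matches an apostrophe, so the backtick test that the second hunk removes from parse_slash_arguments (the `strpos` check for a backquote character) has no replacement and a string containing a backtick now passes the new helper while one containing an apostrophe is rejected. Either change that pattern to the backtick character so the comment is true again, or keep the apostrophe check and add a fourth `ereg` for the backtick. The helper also lacks the `///` description its neighbours carry; a line such as `/// Returns true if $string contains "..", "|" or a quote, none of which may reach a filename or shell` right after the signature would document the contract. As it stands the function is a fixed denylist, so callers should not read a `false` return as "safe for any use".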