Details
Bug
Status: Closed
Trivial
Resolution: Invalid
3.0.4
None
None
PHP Environment: 5.2.8
Database: MySQL 5.0.67
Description
Here's the piece of code.
    if ($pos_domain !== false && $pos_path >= $pos_domain && $pos_ext >= $pos_path)
    {
        // Ok, actually we allow linking to some files (this may be able to be extended in some way later...)
        if (strpos($url, '/' . $check_path . '/download/file.php') !== 0)
        {
            return false;
        }

        return true;
    }
The strpos function contains two errors:
1) Appending '/' before $check_path causes $check_path to have two slashes at the beginning, because it already has an initial '/'. Additionally, if the root path is '/', the second argument of strpos will have three slashes!! (///download/file.php)
2) strpos is not used properly, because it returns false if it doesn't find any occurrence of the string, and not zero.
So the if statement only checks whether that string isn't at the beginning of the URL, but all other cases (i.e. string not found or string found in other parts of the string) will be valid.
It should be changed to !== false.
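The two strict comparisons discussed in this report can be evaluated side by side with the script below, which is an added example and not code from phpBB or from the reporter. The helper names `build_needle` and `compare_checks`, the `$check_path` values and the URLs are constructed for illustration.

```php
<?php
// Added illustration: all paths and URLs below are constructed samples.

// Build the search string the same way the quoted condition does.
function build_needle($check_path)
{
    return '/' . $check_path . '/download/file.php';
}

// Evaluate both strict comparisons for one URL.
function compare_checks($url, $needle)
{
    $pos = strpos($url, $needle); // integer offset, or boolean false when absent
    return array(
        'strpos'    => $pos,
        'not_zero'  => $pos !== 0,     // comparison used in the quoted snippet
        'not_false' => $pos !== false, // comparison proposed in the report
    );
}

// Part 1: how the concatenation behaves for different $check_path shapes.
foreach (array('phpBB3', '/phpBB3', '/') as $check_path) {
    printf("check_path=%-10s needle=%s\n",
        var_export($check_path, true), build_needle($check_path));
}

// Part 2: the three possible strpos outcomes against one needle.
$needle = build_needle('phpBB3');
$urls = array(
    'at offset 0'  => '/phpBB3/download/file.php?id=1',
    'later in URL' => 'http://example.com/phpBB3/download/file.php?id=1',
    'absent'       => 'http://example.com/phpBB3/viewtopic.php?t=1',
);

foreach ($urls as $label => $url) {
    $r = compare_checks($url, $needle);
    printf("%-13s strpos=%-6s (!== 0)=%-6s (!== false)=%s\n",
        $label,
        var_export($r['strpos'], true),
        var_export($r['not_zero'], true),
        var_export($r['not_false'], true));
}
```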