author | Darrell Anderson <[email protected]> | 2012-03-21 22:55:48 -0500 |
---|---|---|
committer | Darrell Anderson <[email protected]> | 2012-03-21 22:55:48 -0500 |
commit | 5af9907fee05f882f8d2422e47198ebf61d97bb7 (patch) | |
tree | 5f31682a2cf6cb479b3170ec6d0d79f382397634 /plugins/webinterface/php_handler.cpp | |
parent | c6c4865cd4bb5b203de3a0db0cc2182b240570d3 (diff) | |
Update ktorrent package to 2.2.8 and fix internal geoip database.
This resolves bug report 363.
Diffstat (limited to 'plugins/webinterface/php_handler.cpp')
-rw-r--r-- | plugins/webinterface/php_handler.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp
index d2c2f55..cd8fd63 100644
--- a/plugins/webinterface/php_handler.cpp
+++ b/plugins/webinterface/php_handler.cpp
@@ -82,7 +82,9 @@ namespace kt
 for ( it = args.begin(); it != args.end(); ++it )
 {
- ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
+ // Check for string delimiters, don't want PHP injection attacks
+ if (!containsDelimiters(it.key()) && !containsDelimiters(it.data()))
+ ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
 }
 ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script
 ts << flush;
@@ -98,6 +100,11 @@ namespace kt
 #endif
 return launch(data);
 }
+
+ bool PhpHandler::containsDelimiters(const QString & str)
+ {
+ return str.contains("\"") || str.contains("'");
+ }
 void PhpHandler::onExited()
 { |
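Review bot: The quote check added in the first hunk, and the `containsDelimiters` helper in the second, still accept characters that PHP treats specially inside the generated literals: the value lands in a double-quoted string where a backslash or `$` is interpreted, and a trailing backslash in the key affects the single-quoted index. Rejecting those too, `return str.contains("\"") || str.contains("'") || str.contains("\\") || str.contains("$");`, or preferably an allow-list of the characters the web interface actually expects, would close that gap. Parameters that fail the check are dropped silently, so a log line at that point would help when diagnosing rejected requests. The helper takes `const QString &` while the line it guards uses `TQString`; that looks inconsistent and should be confirmed against the header, which this view does not show. The function containing the first hunk starts outside it.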