authorDarrell Anderson <[email protected]>2012-03-21 22:55:48 -0500
committerSlávek Banko <[email protected]>2012-06-06 03:48:52 +0200
commitefc0041311ffa4d2d6172e2dd7cb72b6d98cc77e (patch)
tree6c513e2d1bddbc079722d87353a4e7520ee01a23 /plugins/webinterface
parentc230af4e94074f5e9668b6fb38a13a8988491af6 (diff)
downloadktorrent-efc0041311ffa4d2d6172e2dd7cb72b6d98cc77e.tar.gz
ktorrent-efc0041311ffa4d2d6172e2dd7cb72b6d98cc77e.zip
Update ktorrent package to 2.2.8 and fix internal geoip database.
This resolves bug report 363. (cherry picked from commit 5af9907fee05f882f8d2422e47198ebf61d97bb7)
Diffstat (limited to 'plugins/webinterface')
-rw-r--r--plugins/webinterface/httpserver.cpp8
-rw-r--r--plugins/webinterface/php_handler.cpp9
-rw-r--r--plugins/webinterface/php_handler.h3
3 files changed, 19 insertions, 1 deletions
diff --git a/plugins/webinterface/httpserver.cpp b/plugins/webinterface/httpserver.cpp
index 4d582a7..c85b7f1 100644
--- a/plugins/webinterface/httpserver.cpp
+++ b/plugins/webinterface/httpserver.cpp
@@ -433,6 +433,14 @@ namespace kt
const char* ptr = data.data();
Uint32 len = data.size();
int pos = TQString(data).find("\r\n\r\n");
+
+ if (!session.logged_in || !checkSession(hdr))
+ {
+ // You can't post torrents if you are not logged in
+ // or the session is not OK
+ redirectToLoginPage(hdlr);
+ return;
+ }
if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd')
{
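Review bot: The login guard sits after `int pos = TQString(data).find("\r\n\r\n");`, so a request without a valid session still has its whole POST body copied into a TQString and scanned before it is rejected. Moving the `if (!session.logged_in || !checkSession(hdr))` block above the `ptr`/`len`/`pos` lines would make the rejection the first thing done with the upload. The rejected attempt is also not logged; a one-line log entry before `redirectToLoginPage(hdlr);` would make unauthenticated upload attempts visible to whoever reads the log. The enclosing function starts and ends outside this hunk, so anything done with `data` before these lines is not visible here.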
diff --git a/plugins/webinterface/php_handler.cpp b/plugins/webinterface/php_handler.cpp
index d2c2f55..cd8fd63 100644
--- a/plugins/webinterface/php_handler.cpp
+++ b/plugins/webinterface/php_handler.cpp
@@ -82,7 +82,9 @@ namespace kt
for ( it = args.begin(); it != args.end(); ++it )
{
- ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
+ // Check for string delimiters, don't want PHP injection attacks
+ if (!containsDelimiters(it.key()) && !containsDelimiters(it.data()))
+ ts << TQString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
}
ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script
ts << flush;
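Review bot: The new filter rejects only `"` and `'`, but `it.data()` is written into a PHP double-quoted literal (`\"%2\"`), where a backslash and `$` are still significant. A backslash can escape the closing quote and `$` starts variable interpolation, so the check is incomplete for the context it protects. The key goes into a single-quoted literal, where a backslash is likewise significant. At minimum, extend the helper added in the next hunk to `return str.contains("\"") || str.contains("'") || str.contains("\\") || str.contains("$");`. A more robust option is to emit both key and value as single-quoted literals with `\` and `'` escaped. Arguments that fail the check are dropped silently, so logging the rejected key would help when diagnosing a failed request or spotting probing.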
@@ -98,6 +100,11 @@ namespace kt
#endif
return launch(data);
}
+
+ bool PhpHandler::containsDelimiters(const QString & str)
+ {
+ return str.contains("\"") || str.contains("'");
+ }
void PhpHandler::onExited()
{
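Review bot: `containsDelimiters` takes `const QString & str`, while the surrounding code in this file uses `TQString` (for example `TQString("$_REQUEST['%1']=\"%2\";\n")` in the previous hunk). The signature here and the declaration in php_handler.h should read `const TQString & str` to stay consistent; whether plain `QString` still resolves in this tree is not visible from the diff. The helper reads no member state, so it could be declared `static` in the header, or at least `const`. A short comment above the definition should say which literal context the check is meant to protect, e.g. `// true if str holds a character that would terminate a quoted PHP string literal`.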
diff --git a/plugins/webinterface/php_handler.h b/plugins/webinterface/php_handler.h
index 197bdb7..8bffe02 100644
--- a/plugins/webinterface/php_handler.h
+++ b/plugins/webinterface/php_handler.h
@@ -46,6 +46,9 @@ namespace kt
signals:
void finished();
+
+ private:
+ bool containsDelimiters(const QString & str);
private:
TQByteArray output;