From e21afe5346104f1bbbdee62ed855ddb008756ffa Mon Sep 17 00:00:00 2001
From: psychon
Date: Fri, 6 Mar 2009 14:24:47 +0000
Subject: [PATCH] webadmin: Restrict skins to be located inside the skins dir

One needs to be admin to change the current skin dir, but it still sounds like a good idea to be careful... Plus, this wont deny symlinks anyway!

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1412 726aef4b-f618-498e-8847-2d620e286838
---
 modules/webadmin.cpp | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
index b67c2570..9dd1ab40 100644
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -252,9 +252,14 @@ CString CWebAdminSock::GetAvailSkinsDir() {
 }
 
 CString CWebAdminSock::GetSkinDir() {
-	CString sSkinDir = GetAvailSkinsDir() + GetModule()->GetSkinName() + "/";
+	CString sAvailSkins = GetAvailSkinsDir();
+	CString sSkinDir = sAvailSkins + GetModule()->GetSkinName() + "/";
+	CString sDir = CDir::ChangeDir("./", sSkinDir, "/");
 
-	if (CFile::IsDir(sSkinDir)) {
+	// Via ChangeDir() we check if someone tries to use e.g. a skin name
+	// with embed .. or such evilness.
+	if (sDir.Left(sAvailSkins.length()) == sAvailSkins
+		&& CFile::IsDir(sSkinDir)) {
 		return sSkinDir;
 	}
 
@@ -263,8 +268,6 @@ CString CWebAdminSock::GetSkinDir() {
 void CWebAdminSock::PrintPage(CString& sPageRet, const CString& sTmplName) {
 	sPageRet.clear();
 
-	// @todo possibly standardize the location of meta files such as these skins
-	// @todo give an option for changing the current skin from 'default'
 	CString sTmpl;
 
 	if (IsAdmin()) {
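Review bot: The containment test in the new `if` is a plain prefix comparison and therefore depends on `sAvailSkins` ending in a path separator; if `GetAvailSkinsDir()` (defined above the hunk) can return the directory without a trailing "/", a sibling directory whose name begins with the same text would satisfy `sDir.Left(sAvailSkins.length()) == sAvailSkins`. That assumption deserves a comment on the line, e.g. `// Prefix test: relies on sAvailSkins ending in "/"`, or an explicit check that it does. Whether a skin name that normalizes back to the skins root (an empty name, or `.`) passes both conditions and returns the root itself depends on how `CDir::ChangeDir()` treats the trailing separator, so that case is worth an explicit rejection or a test. The comment above the check should read `// with an embedded .. or similar`. The fallback return of `GetSkinDir()` lies below the hunk.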