A common pattern for checking directories in ZNC is the following:
sAbsolutePath = CDir::ChangeDir(sAllowedPath, sFile);
if (sAbsolutePath.Left(sAllowedPath.length()) != sAllowedPath)
Error;
But there is a problem: If sAllowedPath doesn't end with a slash, we are
vulnerable to an attack. If e.g. sAllowedPath = "/foo/bar", then
sFile = "../bartender" would result in sAbsolutePath = "/foo/bartender". Since
this path does begin with sAllowedPath, the code allowed it.
There shouldn't be any places where this can be exploited currently, but it is
still a security bug (path traversal).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1569 726aef4b-f618-498e-8847-2d620e286838
Changes include...
- CString -
Addition of LCString typedef to list<CString>
Added four more args to CString::Token()...
bool bAllowEmpty = false <-- This default of false is NOT backward compatible but seems way more intuitive
const CString& sLeft = ""
const CString& sRight = ""
bool bTrimQuotes = true
Added CString::OptionSplit()
Added CString::QuoteSplit()
Added two new args to CString::Split()...
bool bTrimQuotes = true,
bool bTrimWhiteSpace = false
- CTemplate -
Added new class CTemplateTagHandler to provide capability to add custom tags and vars
Added var name pointer dereferencing in the form of <? VAR Name=*other_var ?> (use ** to start with a literal star)
Added a list of paths that can be used to look for a given filename in multiple locations
Added CTemplate::PrependPath()
Added CTemplate::AppendPath()
Added CTemplate::RemovePath()
Added CTemplate::ClearPath()
Added CTemplate::PrintString() for filling a CString& instead of a stream
Added <? LT ?> which outputs a literal "<?"
Added <? GT ?> which outputs a literal "?>"
Added <? SETBLOCK ?> and <? ENDSETBLOCK ?> for setting a variable's value to the contents between the tags
Added <? EXPAND ?> for expanding a filename to a path using the settable list of paths
Added <? BREAK ?> and <? CONTINUE ?> inner loop tags
Added <? EXIT ?> tag to stop processing
Added <? DEBUG ?> tag for printing to DEBUG()
Added REVERSE keyword to the <? LOOP ?> tag
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1537 726aef4b-f618-498e-8847-2d620e286838
All the headers are now self-contained (g++ Header.h -o /dev/null).
Some system headers where moved to the .cpp they are actually needed in,
some of our own headers are includes less. (Especially MD5.h)
Headers are sorted alphabetically while in e.g. FileUtils.cpp FileUtils.h
is the first file included.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@915 726aef4b-f618-498e-8847-2d620e286838
These are mostly string casts, handling function's return value and some
weird warning about missing spaces on empty while loops.
These were reported by and fixed with Marcus Rueckert <darix@opensu.se>.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@904 726aef4b-f618-498e-8847-2d620e286838
