Project

General

Profile

Revision 249

View differences:

branches/extplorer2/CHANGELOG.txt
2 2
Changelog for eXtplorer
3 3
Version $Id$
4 4
****************************
5

  
6
--- version 2.1.10 ---
7
- webdav display UPPER/CASE/FULL/PATH with some webdav client
8
- standalone extplorer webdav does not work with PHP7
9
- CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9
10
- #202 Users with read only permissions should not be able to extract archives.
11

  
5 12
--- version 2.1.9 ---
6 13
- fixed PHP 7 compatibility issues
14
- raising PHP compatibility to PHP >= 5.4
7 15

  
8 16
--- version 2.1.8 ---
9 17
- added security functions for protection against CSRF attacks
......
13 21
- fixed SWFUpload against XSS vulnerabilities
14 22
- fixed XSS vulnerability in file list
15 23

  
16

  
17 24
--- version 2.1.6 ---
18 25
- fixed https usage for ports other than 443
19 26
- fixed XSS issue related to PHP_SELF
branches/extplorer2/README.txt
1 1
----------------------------------------------------------------------------------------------------
2
eXtplorer 2.1 - README
2
eXtplorer 2 - README
3 3
----------------------------------------------------------------------------------------------------
4 4

  
5 5
Requirements:
6 6
-------------------
7
* PHP > 4.3
7
* PHP > 5.3
8 8

  
9 9
Supported Browsers:
10 10
-------------------
11
* Internet Explorer >= 6.0
11
* Internet Explorer >= 8.0
12 12
* Firefox >= 2
13 13
* Safari >= 4
14 14
* Google Chrome/Iron >= 3
branches/extplorer2/build_component.bat
20 20
del %PATH%\scripts.tar
21 21

  
22 22
C:\Programme\7-Zip\7z.exe a -tzip -r %PATH%\com_extplorer.zip
23
C:\Programme\7-Zip\7z.exe d -r %PATH%\com_extplorer.zip .svn\
23
C:\Programme\7-Zip\7z.exe d -r %PATH%\com_extplorer.zip .svn\ .git\
24 24
C:\Programme\7-Zip\7z.exe d %PATH%\com_extplorer.zip scripts\ archive\
25
C:\Programme\7-Zip\7z.exe d -r %PATH%\com_extplorer.zip build_component.sh build_component.bat .project .projectOptions .cache 
25
C:\Programme\7-Zip\7z.exe d -r %PATH%\com_extplorer.zip build_component.sh build_component.bat .project .projectOptions .cache .gitignore
26 26

  
27 27
del %PATH%\scripts.tar.gz
branches/extplorer2/extplorer.j15.xml
4 4
<!-- Joomla! 1.5 Installer XML File
5 5
$Id$ -->
6 6
    <name>eXtplorer</name>
7
    <creationDate>23.02.2016</creationDate>
7
    <creationDate>15.03.2016</creationDate>
8 8
    <author>soeren, QuiX Project</author>
9 9
    <copyright>Soeren Eberhardt-Biermann, QuiX Project</copyright>
10 10
    <license>GNU/GPL, alternative: MPL</license>
branches/extplorer2/extplorer.j30.xml
3 3
<!-- Joomla! 3.0 Installer XML File 
4 4
$Id$ -->
5 5
    <name>eXtplorer</name>
6
    <creationDate>23.02.2016</creationDate>
6
    <creationDate>15.03.2016</creationDate>
7 7
    <author>soeren, QuiX Project</author>
8 8
    <copyright>Soeren Eberhardt-Biermann, QuiX Project</copyright>
9 9
    <authorEmail>info|-at|-extplorer.net</authorEmail>
branches/extplorer2/extplorer.xml
3 3
<!-- Joomla! 1.0 Installer XML File 
4 4
$Id$ -->
5 5
    <name>eXtplorer</name>
6
    <creationDate>23.02.2016</creationDate>
6
    <creationDate>15.03.2016</creationDate>
7 7
    <author>soeren, QuiX Project</author>
8 8
    <copyright>Soeren Eberhardt-Biermann, QuiX Project</copyright>
9 9
    <authorEmail>info|-at|-extplorer.net</authorEmail>
branches/extplorer2/include/extract.php
39 39
class ext_Extract extends ext_Action {
40 40

  
41 41
	function execAction( $dir, $item ) {
42
		
42

  
43
        if(($GLOBALS["permissions"]&01)!=01) {
44
            ext_Result::sendResult('archive', false, ext_Lang::err('accessfunc'));
45
        }
43 46
		if( ! ext_isArchive( $item ) ) {
44 47
			ext_Result::sendResult( 'archive', false, $item.': '.ext_Lang::err( 'extract_noarchive' ) ) ;
45 48
		} else {
branches/extplorer2/libraries/Archive/adapter/zip.php
187 187
			if( substr( $this->_metadata[$i]['name'], - 1, 1 ) != '/' && substr( $this->_metadata[$i]['name'], - 1, 1 ) != '\\' ) {
188 188
				$buffer = $this->_getFileData( $i ) ;
189 189
				$path = extPath::clean( $destination . DS . $this->_metadata[$i]['name'] ) ;
190
                if( strpos($path, '..') !== false ) {
191
                    	return PEAR::raiseError( 'Use of relative paths not permitted' ) ;
192
				}
190 193
				// Make sure the destination folder exists
191 194
				if( ! extMkdirR( dirname( $path ) ) ) {
192 195
					return PEAR::raiseError( 'Unable to create destination' ) ;
......
222 225
				if( zip_entry_open( $zip, $file, "r" ) ) {
223 226
					if( substr( zip_entry_name( $file ), strlen( zip_entry_name( $file ) ) - 1 ) != "/" ) {
224 227
						$buffer = zip_entry_read( $file, zip_entry_filesize( $file ) ) ;
228
                        if( strpos($destination . DS . zip_entry_name( $file ), '..') !== false ) {
229
                            return PEAR::raiseError( 'Use of relative paths not permitted' ) ;
230
						}
225 231
						if( !extMkdirR(dirname($destination . DS . zip_entry_name( $file ))) || file_put_contents( $destination . DS . zip_entry_name( $file ), $buffer ) === false ) {
226 232
							return PEAR::raiseError( 'Unable to write entry: '.$destination . DS. zip_entry_name( $file ) ) ;
227 233
						}
branches/extplorer2/libraries/HTTP/WebDAV/Server/Filesystem.php
96 96
    var $db_passwd = "";
97 97

  
98 98
    /**
99
     * MySQLI link 
100
     */
101
    var $db_link = NULL;
102

  
103

  
104
    /**
99 105
     * Serve a webdav request
100 106
     *
101 107
     * @access public
......
119 125
        }
120 126
                
121 127
        // establish connection to property/locking db
122
        mysql_connect($this->db_host, $this->db_user, $this->db_passwd) or die(mysql_error());
123
        mysql_select_db($this->db_name) or die(mysql_error());
128
        $this->db_link = mysqli_connect($this->db_host, $this->db_user, $this->db_passwd) or die(mysqli_error($this->db_link));
129
        mysqli_select_db($this->db_link, $this->db_name) or die(mysqli_error($this->db_link));
124 130
        // TODO throw on connection problems
125 131

  
126 132
        // let the base class do all the work
......
236 242
        $query = "SELECT ns, name, value 
237 243
                        FROM {$this->db_prefix}properties 
238 244
                       WHERE path = '$path'";
239
        $res = mysql_query($query);
240
        while ($row = mysql_fetch_assoc($res)) {
245
        $res = mysqli_query($this->db_link, $query);
246
        while ($row = mysqli_fetch_assoc($res)) {
241 247
            $info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
242 248
        }
243
        mysql_free_result($res);
249
        mysqli_free_result($res);
244 250

  
245 251
        return $info;
246 252
    }
......
557 563
        if (is_dir($path)) {
558 564
            $query = "DELETE FROM {$this->db_prefix}properties 
559 565
                           WHERE path LIKE '".$this->_slashify($options["path"])."%'";
560
            mysql_query($query);
566
            mysqli_query($this->db_link,$query);
561 567
            System::rm(array("-rf", $path));
562 568
        } else {
563 569
            unlink($path);
564 570
        }
565 571
        $query = "DELETE FROM {$this->db_prefix}properties 
566 572
                       WHERE path = '$options[path]'";
567
        mysql_query($query);
573
        mysqli_query($this->db_link,$query);
568 574

  
569 575
        return "204 No Content";
570 576
    }
......
666 672
                $query = "UPDATE {$this->db_prefix}properties 
667 673
                                 SET path = REPLACE(path, '".$options["path"]."', '".$destpath."') 
668 674
                               WHERE path LIKE '".$this->_slashify($options["path"])."%'";
669
                mysql_query($query);
675
                mysqli_query($this->db_link,$query);
670 676
            }
671 677

  
672 678
            $query = "UPDATE {$this->db_prefix}properties 
673 679
                             SET path = '".$destpath."'
674 680
                           WHERE path = '".$options["path"]."'";
675
            mysql_query($query);
681
            mysqli_query($this->db_link,$query);
676 682
        } else {
677 683
            if (is_dir($source)) {
678 684
                $files = System::find($source);
......
752 758
                                          AND name = '$prop[name]' 
753 759
                                          AND ns = '$prop[ns]'";
754 760
                }       
755
                mysql_query($query);
761
                mysqli_query($this->db_link,$query);
756 762
            }
757 763
        }
758 764
                        
......
783 789
            $where = "WHERE path = '$options[path]' AND token = '$options[update]'";
784 790

  
785 791
            $query = "SELECT owner, exclusivelock FROM {$this->db_prefix}locks $where";
786
            $res   = mysql_query($query);
787
            $row   = mysql_fetch_assoc($res);
788
            mysql_free_result($res);
792
            $res   = mysqli_query($this->db_link,$query);
793
            $row   = mysqli_fetch_assoc($res);
794
            mysqli_free_result($res);
789 795

  
790 796
            if (is_array($row)) {
791 797
                $query = "UPDATE {$this->db_prefix}locks 
792 798
                                 SET expires = '$options[timeout]' 
793 799
                                   , modified = ".time()."
794 800
                              $where";
795
                mysql_query($query);
801
                mysqli_query($this->db_link,$query);
796 802

  
797 803
                $options['owner'] = $row['owner'];
798 804
                $options['scope'] = $row["exclusivelock"] ? "exclusive" : "shared";
......
813 819
                          , expires = '$options[timeout]'
814 820
                          , exclusivelock  = " .($options['scope'] === "exclusive" ? "1" : "0")
815 821
            ;
816
        mysql_query($query);
822
        mysqli_query($this->db_link,$query);
817 823

  
818
        return mysql_affected_rows() ? "200 OK" : "409 Conflict";
824
        return mysqli_affected_rows() ? "200 OK" : "409 Conflict";
819 825
    }
820 826

  
821 827
    /**
......
829 835
        $query = "DELETE FROM {$this->db_prefix}locks
830 836
                      WHERE path = '$options[path]'
831 837
                        AND token = '$options[token]'";
832
        mysql_query($query);
838
        mysqli_query($this->db_link,$query);
833 839

  
834
        return mysql_affected_rows() ? "204 No Content" : "409 Conflict";
840
        return mysqli_affected_rows() ? "204 No Content" : "409 Conflict";
835 841
    }
836 842

  
837 843
    /**
......
848 854
                  FROM {$this->db_prefix}locks
849 855
                 WHERE path = '$path'
850 856
               ";
851
        $res = mysql_query($query);
857
        $res = mysqli_query($this->db_link,$query);
852 858

  
853 859
        if ($res) {
854
            $row = mysql_fetch_array($res);
855
            mysql_free_result($res);
860
            $row = mysqli_fetch_array($res);
861
            mysqli_free_result($res);
856 862

  
857 863
            if ($row) {
858 864
                $result = array( "type"    => "write",

Also available in: Unified diff