
Revision a9f20108

Added by Sören Eberhardt-Biermann 10 months ago

- fixed vulnerability discovered by ADLab of Venustech (command injection, but requires admin access)
- webdav display UPPER/CASE/FULL/PATH with some webdav client
- standalone extplorer webdav does not work with PHP7
- CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9
- #202 Users with read only permissions should not be able to extract archives.
- added indonesian language files


CHANGELOG.txt
1 1
****************************
2 2
Changelog for eXtplorer
3
Version $Id: CHANGELOG.txt 246 2016-02-10 21:21:12Z soeren $
3
Version $Id: CHANGELOG.txt 249 2016-12-11 16:11:03Z soeren $
4 4
****************************
5 5

  
6 6
--- version 2.1.10 ---
7
- fixed vulnerability discovered by ADLab of Venustech (command injection, but requires admin access)
7 8
- webdav display UPPER/CASE/FULL/PATH with some webdav client
8 9
- standalone extplorer webdav does not work with PHP7
9 10
- CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9
10 11
- #202 Users with read only permissions should not be able to extract archives.
12
- added indonesian language files
11 13

  
12 14
--- version 2.1.9 ---
13 15
- fixed PHP 7 compatibility issues
admin.extplorer.php
39 39
**/
40 40

  
41 41
// The eXtplorer version number
42
$GLOBALS['ext_version'] = '2.1.9';
42
$GLOBALS['ext_version'] = '2.1.10';
43 43
$GLOBALS['ext_home'] = 'http://extplorer.net';
44 44
$dir = '';
45 45
//------------------------------------------------------------------------------
extplorer.j15.xml
2 2
<!DOCTYPE install SYSTEM "http://dev.joomla.org/xml/1.5/component-install.dtd">
3 3
<install type="component" version="1.5.0">
4 4
<!-- Joomla! 1.5 Installer XML File
5
$Id: extplorer.j15.xml 247 2016-02-23 10:06:18Z soeren $ -->
5
$Id: extplorer.j15.xml 249 2016-12-11 16:11:03Z soeren $ -->
6 6
    <name>eXtplorer</name>
7
    <creationDate>15.03.2016</creationDate>
7
    <creationDate>22.06.2017</creationDate>
8 8
    <author>soeren, QuiX Project</author>
9 9
    <copyright>Soeren Eberhardt-Biermann, QuiX Project</copyright>
10 10
    <license>GNU/GPL, alternative: MPL</license>
11 11
    <authorEmail>info|at|extplorer.net</authorEmail>
12 12
    <authorUrl>http://extplorer.net/</authorUrl>
13
    <version>2.1.9</version>
13
    <version>2.1.10</version>
14 14
    <description><![CDATA[
15 15
	<div align="left"><img src="components/com_extplorer/images/eXtplorer_logo.png" alt="eXtplorer Logo" /></div>
16 16
	<h2>Successfully installed eXtplorer&nbsp;</h2>
extplorer.j30.xml
1 1
<?xml version="1.0" encoding="utf-8"?>
2 2
<extension type="component" version="3.0" method="upgrade">
3 3
<!-- Joomla! 3.0 Installer XML File 
4
$Id: extplorer.j30.xml 247 2016-02-23 10:06:18Z soeren $ -->
4
$Id: extplorer.j30.xml 249 2016-12-11 16:11:03Z soeren $ -->
5 5
    <name>eXtplorer</name>
6
    <creationDate>15.03.2016</creationDate>
6
    <creationDate>22.06.2017</creationDate>
7 7
    <author>soeren, QuiX Project</author>
8 8
    <copyright>Soeren Eberhardt-Biermann, QuiX Project</copyright>
9 9
    <authorEmail>info|-at|-extplorer.net</authorEmail>
10 10
    <authorUrl>http://extplorer.net/</authorUrl>
11
    <version>2.1.9</version>
11
    <version>2.1.10</version>
12 12
    <description><![CDATA[
13 13
	<div align="left"><img src="components/com_extplorer/images/eXtplorer_logo.png" alt="eXtplorer Logo" /></div>
14 14
	<h2>Successfully installed eXtplorer&nbsp;</h2>
extplorer.xml
1 1
<?xml version="1.0" encoding="iso-8859-1" ?>
2 2
<mosinstall type="component">
3 3
<!-- Joomla! 1.0 Installer XML File 
4
$Id: extplorer.xml 247 2016-02-23 10:06:18Z soeren $ -->
4
$Id: extplorer.xml 249 2016-12-11 16:11:03Z soeren $ -->
5 5
    <name>eXtplorer</name>
6
    <creationDate>15.03.2016</creationDate>
6
    <creationDate>22.06.2017</creationDate>
7 7
    <author>soeren, QuiX Project</author>
8 8
    <copyright>Soeren Eberhardt-Biermann, QuiX Project</copyright>
9 9
    <authorEmail>info|-at|-extplorer.net</authorEmail>
10 10
    <authorUrl>http://extplorer.net/</authorUrl>
11
    <version>2.1.9</version>
11
    <version>2.1.10</version>
12 12
    <description><![CDATA[
13 13
	<div align="left"><img src="components/com_extplorer/images/eXtplorer_logo.png" alt="eXtplorer Logo" /></div>
14 14
	<h2>Successfully installed eXtplorer&nbsp;</h2>
include/extract.php
3 3
if( ! defined( '_JEXEC' ) && ! defined( '_VALID_MOS' ) )
4 4
	die( 'Restricted access' ) ;
5 5
/**
6
 * @version $Id: extract.php 242 2015-08-19 06:29:26Z soeren $
6
 * @version $Id: extract.php 249 2016-12-11 16:11:03Z soeren $
7 7
 * @package eXtplorer
8 8
 * @copyright soeren 2007-2015
9 9
 * @author The eXtplorer project (http://extplorer.net)
include/functions.php
1189 1189
					$noHtmlFilter = new InputFilter( /* $tags, $attr, $tag_method, $attr_method, $xss_auto */ );
1190 1190
				}
1191 1191

  
1192
				$return = $noHtmlFilter->sanitize( array($return) )[0];
1192
                $return = $noHtmlFilter->sanitize( array($return) );
1193
                $return = $return[0];
1193 1194

  
1194 1195
				if (empty($return) && is_numeric($def)) {
1195 1196
				// if value is defined and default value is numeric set variable type to integer
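Review bot: The two-statement form at new lines 1192–1193 is indented with spaces while every surrounding line in this hunk uses tabs; match the file's tab indentation. The split itself is presumably there for PHP 5.3 compatibility, since dereferencing a call result with `[0]` needs PHP 5.4 or later, and a short comment would stop a later maintainer folding it back into one line, e.g. `// kept as two statements: dereferencing a call result with [0] needs PHP >= 5.4`. The same pattern, with the same mixed indentation, appears in libraries/standalone.php at new lines 232–233. The enclosing function starts and ends outside the hunk.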
include/transfer.php
2 2
// ensure this file is being included by a parent file
3 3
if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' );
4 4
/**
5
 * @version $Id: transfer.php 248 2016-02-26 18:29:50Z soeren $
5
 * @version $Id: transfer.php 242 2015-08-19 06:29:26Z soeren $
6 6
 * @package eXtplorer
7 7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
......
65 65
			}
66 66
			// upload files & check for errors
67 67
			for($i=0;$i<$cnt;$i++) {
68
			    if( empty($GLOBALS['__POST']['userfile'][$i])) continue;
68 69
				$errors[$i]=NULL;
69 70

  
71
                $data = array(
72
                    'url' => $GLOBALS['__POST']['userfile'][$i]
73
                );
74

  
75
                $validated = InputFilter::is_valid($data, array(
76
                    'url' => 'required|valid_url'
77
                ));
78

  
79
                if($validated !== true) {
80
                    $errors[$i]=$GLOBALS['__POST']['userfile'][$i].' is not a valid URL!';
81
                    $err=true;	continue;
82
                }
70 83
				$items[$i] = stripslashes(basename($GLOBALS['__POST']['userfile'][$i]));
71 84

  
72 85
				$abs = get_abs_item($dir,$items[$i]);
......
76 89
					$errors[$i]=$GLOBALS["error_msg"]["itemdoesexist"];
77 90
					$err=true;	continue;
78 91
				}
79

  
80 92
				// Upload
81 93
				$ok = $downloader->download($GLOBALS['__POST']['userfile'][$i], $abs);
82 94
				if($ok===true ) {
......
127 139
		$status = 0;
128 140
		$output = array();
129 141
		$wget = getBinaryPath('wget');
142
		$url = escapeshellcmd( $url );
130 143
		exec("$wget -O$outputFile $url ", $output, $status);
131 144
		if ($status) {
132 145
			$msg = 'exec returned an error status ';
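Review bot: `escapeshellcmd()` at new line 142 neutralises shell metacharacters in `$url`, but `$outputFile` on the next line is interpolated into the same command unescaped, and the upload loop earlier in this section derives the target name from `basename()` of the user-supplied URL (new line 83) before passing it to `download()`, so it appears to reach the shell unfiltered — confirm how `$outputFile` is built in the part of the function above the hunk. The robust form quotes each argument separately: `exec($wget . ' -O' . escapeshellarg($outputFile) . ' ' . escapeshellarg($url), $output, $status);`. Note also that `escapeshellcmd()` leaves whitespace alone, so a URL containing a space becomes several wget arguments, which `escapeshellarg()` avoids. The `valid_url` rule added at new line 75 checks syntax only and restricts neither scheme nor destination host, so if the server should not fetch internal addresses an allowlist is still needed, and that limitation is worth a comment next to the validation. The function containing the `exec()` call begins outside the hunk.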
libraries/JSON.php
132 132
    *                                   bubble up with an error, so all return values
133 133
    *                                   from encode() should be checked with isError()
134 134
    */
135
    function ext_Json($use = 0)
135
    function __construct($use = 0)
136 136
    {
137 137
        $this->use = $use;
138 138
    }
......
839 839

  
840 840
    class Services_JSON_Error extends PEAR_Error
841 841
    {
842
        function Services_JSON_Error($message = 'unknown error', $code = null,
842
        function __construct($message = 'unknown error', $code = null,
843 843
                                     $mode = null, $options = null, $userinfo = null)
844 844
        {
845 845
            parent::PEAR_Error($message, $code, $mode, $options, $userinfo);
......
853 853
     */
854 854
    class Services_JSON_Error
855 855
    {
856
        function Services_JSON_Error($message = 'unknown error', $code = null,
856
        function __construct($message = 'unknown error', $code = null,
857 857
                                     $mode = null, $options = null, $userinfo = null)
858 858
        {
859 859
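Review bot: The renamed constructor of `Services_JSON_Error` at new line 842 still calls `parent::PEAR_Error(...)` at line 845, which is the PHP 4-style constructor of the parent; that works only as long as the bundled `PEAR_Error` keeps that method, and PHP 8 removes PHP 4-style constructors altogether. If the parent has also moved to `__construct`, the call is undefined and should become `parent::__construct($message, $code, $mode, $options, $userinfo);` — confirm against the `PEAR_Error` version shipped with this project. The second `Services_JSON_Error` definition at line 856 should receive the same treatment if its body calls the parent the same way, which is not visible here.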

  
libraries/standalone.php
1 1
<?php
2 2
/**
3
* @version $Id: standalone.php 246 2016-02-10 21:21:12Z soeren $
3
* @version $Id: standalone.php 242 2015-08-19 06:29:26Z soeren $
4 4
* @package eXtplorer
5 5
* @copyright Copyright (C) 2012-2016 Soeren Eberhardt-Biermann. All rights reserved.
6 6
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
......
229 229

  
230 230
			// filter input
231 231
			$iFilter = new InputFilter();
232
			$this->_userstate[$var_name] = $iFilter->sanitize( array($this->_userstate[$var_name]) )[0];
232
			$temp = $iFilter->sanitize( array($this->_userstate[$var_name]) );
233
            $this->_userstate[$var_name] = $temp[0];
233 234

  
234 235
			return $this->_userstate[$var_name];
235 236
		} else {
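Review bot: If the second `$Id` line in this section is the new side, the keyword has moved back from revision 246 (2016-02-10) to revision 242 (2015-08-19), and include/transfer.php shows the same regression (248 to 242); that pattern usually means the file was replaced from an older working copy, so it is worth confirming that nothing committed between revisions 243 and 248 has been dropped from these two files. The enclosing method starts and ends outside the hunk.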
