Fix local file inclusion (and code execution) via crafted 'plugins' option

release-1.3
Aleksander Machniak 5 years ago committed by Thomas Bruederli
parent 47f431b1d6
commit c0eea755cf

@ -163,6 +163,14 @@ class rcube_plugin_api
$plugins_dir = unslashify($dir->path);
}
// Validate the plugin name to prevent from path traversal
if (preg_match('/[^a-zA-Z0-9_-]/', $plugin_name)) {
rcube::raise_error(array('code' => 520,
'file' => __FILE__, 'line' => __LINE__,
'message' => "Invalid plugin name: $plugin_name"), true, false);
return false;
}
// plugin already loaded?
if (!$this->plugins[$plugin_name]) {
$fn = "$plugins_dir/$plugin_name/$plugin_name.php";
@ -282,6 +290,14 @@ class rcube_plugin_api
$fn = unslashify($dir->path) . "/$plugin_name/$plugin_name.php";
$info = false;
// Validate the plugin name to prevent from path traversal
if (preg_match('/[^a-zA-Z0-9_-]/', $plugin_name)) {
rcube::raise_error(array('code' => 520,
'file' => __FILE__, 'line' => __LINE__,
'message' => "Invalid plugin name: $plugin_name"), true, false);
return false;
}
if (!class_exists($plugin_name, false)) {
if (is_readable($fn)) {
include($fn);

Loading…
Cancel
Save