| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Feb 2005 13:52:41 +0100
From: webmaster@...eless-design.de
To: bugtraq@...urityfocus.com, tjomka@...igator.lv
Subject: AW: phpWebSite-0.10.0_exploit
actually this bug seems to be fixed long time ago by adding following code
to the EZform.php
----
if (is_null($allowedImages) || !is_array($allowedImages)) {
include(PHPWS_SOURCE_DIR.'conf/allowedImageTypes.php');
$allowedImages = $allowedImageTypes;
}
$fileTypes = implode(", ", $allowedImages);
if (!in_array($_FILES[$postVar]["type"], $allowedImages)){
$error = new PHPWS_Error("EZform", "saveImage", "Submitted image
must be $fileTypes file.");
return $error;
}
----
code of the allowedImageTypes.php
----
<?php
/* Image types which are allowed to be uploaded via phpwebsite modules */
/* Added 12/03/2003 (might not be implemented in all modules yet */
$allowedImageTypes = array("image/jpeg",
"image/jpg",
"image/pjpeg",
"image/png",
"image/x-png",
"image/gif",
"image/wbmp");
?>
----
--- Ursprüngliche Nachricht ---
Datum: 24.02.2005 23:16
Von: tjomka <tjomka@...igator.lv>
An: bugtraq@...urityfocus.com
Betreff: phpWebSite-0.10.0_exploit
> phpWebSite-0.10.0_exploit
>
Powered by blists - more mailing lists