security fixes
parent
498fbab03a
commit
276cf262ed
@ -53,6 +53,7 @@ class WebCfgForm(forms.Form):
|
|||
return config.get_config()
|
||||
|
||||
def save(self, data):
|
||||
utils.validate_config(data)
|
||||
for key, value in data.iteritems():
|
||||
config.set(key, value)
|
||||
config.save()
|
||||
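Review bot: The `config.set(key, value)` loop in the new save() writes every key the form posts, while the `utils.validate_config(data)` call added above it only inspects the `template` entry (its body is in the later hunk of this commit), so keys that are not part of the known configuration are stored unchecked. Consider rejecting unknown keys inside validate_config, where CONFIG_DEFAULTS is in scope: `unknown = set(cfg_dict) - set(CONFIG_DEFAULTS)` followed by `if unknown: raise Exception("Unknown config keys: %s" % ", ".join(sorted(unknown)))`. Whether the form layer already restricts the submitted keys cannot be seen from this hunk, so this may be defense in depth rather than a live gap.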
@ -43,6 +43,7 @@ from render import render
|
|||
config_page = component.get("ConfigPageManager")
|
||||
plugins = component.get("WebPluginManager")
|
||||
|
||||
|
||||
class Template(config_forms.WebCfgForm):
|
||||
title = _("Template")
|
||||
|
||||
@ -394,8 +394,14 @@ class template_render:
|
|||
"render anything in /render/ dir"
|
||||
@deco.deluge_page
|
||||
def GET(self, name):
|
||||
filename = os.path.join(os.path.dirname(__file__),
|
||||
'templates/%s/render/%s' % (config.get('template'), name))
|
||||
#security : assumes config.get('template') returns a safe subdir.
|
||||
basepath = os.path.normpath(os.path.join(os.path.dirname(__file__),
|
||||
'templates/%s/render' % config.get('template')))
|
||||
filename = os.path.normpath(os.path.join(basepath,name))
|
||||
if not filename.startswith(basepath):
|
||||
#hack detected?
|
||||
raise Exception("File to render is not located in %s" % basepath)
|
||||
|
||||
return web.template.Template(open(filename).read(), filename=filename)()
|
||||
route("/template/render/(.*)", template_render)
|
||||
|
||||
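Review bot: The containment test `if not filename.startswith(basepath):` is a bare string-prefix check, so a normalized path that lands in a sibling directory whose name merely begins with `render` would still pass; compare against the directory boundary instead: `if filename != basepath and not filename.startswith(basepath + os.sep):`. `os.path.normpath` also does not resolve symlinks, so if anything under the template directory can be a link, computing both `basepath` and `filename` with `os.path.realpath` keeps the comparison meaningful. On the return line `open(filename).read()` never closes the handle explicitly; `with open(filename) as f: source = f.read()` and then passing `source` to `web.template.Template` is the usual form. A 404-style response would probably serve the caller better than a generic `Exception`, but the web layer's error handling is not visible here.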
@ -250,6 +250,18 @@ def check_pwd(pwd):
|
|||
m.update(pwd)
|
||||
return (m.digest() == config.get('pwd_md5'))
|
||||
|
||||
def validate_config(cfg_dict):
|
||||
"""
|
||||
call this before setting webui-config!
|
||||
#security : if template contains "../.." or other vars the filesystem could get compromized.
|
||||
"""
|
||||
if "template" in cfg_dict:
|
||||
from render import render
|
||||
#make shure it is a real template
|
||||
if not cfg_dict["template"] in render.get_templates():
|
||||
raise Exception("Invalid template")
|
||||
|
||||
|
||||
def set_config_defaults():
|
||||
changed = False
|
||||
for key, value in CONFIG_DEFAULTS.iteritems():
|
||||
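Review bot: `if not cfg_dict["template"] in render.get_templates():` reads more naturally as `if cfg_dict["template"] not in render.get_templates():`; the allow-list approach itself is the right one, since it accepts only names render already knows instead of trying to reject bad patterns. The docstring and inline comment carry typos (`compromized` → `compromised`, `shure` → `sure`), and the docstring could state the contract directly: `"""Validate a webui config dict before it is stored; raises Exception when "template" is not a known template."""`. The function-local `from render import render` looks like an import-cycle workaround and deserves a one-line comment saying so if that is the reason.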