in reply to Re^7: somethign wrong with the sumbit
in thread somethign wrong with the sumbit

Close. if( param('select') =~ /\/\.\./ )

This /\\/ matches a backslash - not what you want.

But I think, best is to convert the param value to an absolute path via e.g. abs_path (from Cwd) and check whether the allowed path matches.

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}
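A worked version of the abs_path check suggested above, added here as an example (it is not code from this thread). It resolves the user-supplied name to a canonical path with Cwd::abs_path and accepts it only if the result still starts with the resolved base directory, and it runs that next to the name-allowlist approach from Nik's script so the two can be compared. Assumptions: the fixture directory, its files and the symlink are constructed in a temp dir, and file names are plain ASCII, so the ISO-8859-7 conversion from the thread is left out. Note that the input "../secret" contains no "/.." and so slips past the /\/\.\./ regex, while the resolved-path check rejects it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempdir);

# Resolve "$base/$name.txt" to a canonical absolute path and accept it only
# if it still lies inside $base. Returns the canonical path, or undef.
sub safe_text_file {
    my ($base, $name) = @_;
    return unless defined $name && length $name;
    return if $name =~ /\0/;           # a NUL would truncate the name at the C level

    my $abs_base = abs_path($base);
    return unless defined $abs_base;

    # Same concatenation as the script in the thread, but resolved before use:
    # abs_path collapses "." and "..", follows symlinks, and returns undef
    # when an intermediate directory does not exist.
    my $resolved = abs_path("$abs_base/$name.txt");
    return unless defined $resolved;

    # Containment test: the prefix must end at a directory boundary, otherwise
    # "/srv/data/text-private/x.txt" would pass for base "/srv/data/text".
    return unless index($resolved, "$abs_base/") == 0;
    return unless -f $resolved;        # reject directories, devices, missing files
    return $resolved;
}

# Allowlist approach from the thread: the set of basenames actually on disk.
sub allowed_names {
    my ($base) = @_;
    my %ok = map { m{([^/]+)\.txt\z} ? ($1 => 1) : () } glob("$base/*.txt");
    return \%ok;
}

# Constructed fixture: a base dir with two pages, a file one level above it,
# and (where symlinks work) a link inside the base that points outside it.
my $root = tempdir(CLEANUP => 1);
my $base = "$root/data/text";
mkdir "$root/data" or die "mkdir: $!";
mkdir $base        or die "mkdir: $!";
for my $f ("$base/intro.txt", "$base/about.txt", "$root/data/secret.txt") {
    open my $fh, '>', $f or die "$f: $!";
    print $fh "content of $f\n";
    close $fh;
}
my $have_link = eval { symlink("../secret.txt", "$base/link.txt") };

my $allowed = allowed_names($base);
for my $input ('intro', 'about', '../secret', "intro\0", '/secret',
               ($have_link ? 'link' : ())) {
    (my $shown = $input) =~ s/\0/\\0/g;
    printf "%-14s allowlist=%-6s abs_path=%s\n",
        "'$shown'",
        $allowed->{$input} ? 'accept' : 'reject',
        defined safe_text_file($base, $input) ? 'accept' : 'reject';
}
```

Both checks accept "intro" and "about" and reject the traversal, NUL and absolute-path inputs. The symlink case is where they differ: a name allowlist built from glob accepts "link" because link.txt exists in the directory, whereas abs_path resolves the link to data/secret.txt, which fails the containment test. Use the allowlist when the set of valid names is known, and the resolved-path check as the second line of defence right before the file is opened.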

Re^9: somethign wrong with the sumbit
by Nik (Initiate) on Dec 30, 2007 at 17:37 UTC
    Thank you, the code now looks like this, but the string that comes back from param('select'), although valid, for some reason enters the 2nd if( ) block, I believe:

        use CGI qw(:standard);
        use Encode;
        # $db (a DBI handle), $date and $host are set earlier in the script (not shown here)

        print header( -charset=>'utf-8' );
        my $passage = param('select') || "&#913;&#961;&#967;&#953;&#954;&#942; &#931;&#949;&#955;&#943;&#948;&#945;!";
        my @files = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
        my @display_files = map m{([^/]+)\.txt}, @files;
        Encode::from_to($_, 'ISO-8859-7', 'utf8') for @display_files;

        if ( param('select') ) { # If the user selected an item from the drop-down menu
            unless ( grep { $_ eq param('select') } @display_files ) { # Unless the selection matches one of the valid filenames in @display_files
                if ( param('select') =~ /\0/ ) {
                    $passage = "*Null Byte Injection* attempted & logged!";
                    print br() x 2, h1( {class=>'big'}, $passage );
                }
                if ( param('select') =~ /\/\.\./ ) {
                    $passage = "*Backwards Directory Traversal* attempted & logged!";
                    print br() x 2, h1( {class=>'big'}, $passage );
                }
                $select = $db->prepare( "UPDATE guestlog SET passage=?, date=?, counter=counter+1 WHERE host=?" );
                $select->execute( $passage, $date, $host );
                exit;
            }
        }

    When I try to run it and select something valid I see no response though...

    Very weird, not even the usual "backward error..."