Package: torrentflux
Version: 2.3-9
Severity: important
Tags: patch
For a long time torrentflux has been unable to browse into directories
whose names contain PHP special characters such as & and '.
Attached is a patch to fix this.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages torrentflux depends on:
hi bittornado 0.3.18-5 bittorrent client with enhanced cu
ii dbconfig-common 1.8.38 common framework for packaging dat
ii debconf [debconf-2.0] 1.5.21 Debian configuration management sy
ii libapache-mod-php4 6:4.4.4-9 server-side, HTML-embedded scripti
ii libapache2-mod-php5 5.2.5-3 server-side, HTML-embedded scripti
ii libphp-adodb 5.04a-1 The ADOdb database abstraction lay
ii php4-mysql 6:4.4.4-9 MySQL module for php4
ii php5-mysql 5.2.5-3 MySQL module for php5
ii python 2.5.2-1 An interactive high-level object-o
ii zip 2.32-1 Archiver for .zip files
Versions of packages torrentflux recommends:
ii mysql-client 5.0.51a-6 MySQL database client (meta packag
ii mysql-client-5.0 [mysql-clien 5.0.51a-6 MySQL database client binaries
ii mysql-server 5.0.51a-6 MySQL database server (meta packag
ii mysql-server-5.0 [mysql-serve 5.0.51a-6 MySQL database server binaries
-- debconf information:
* torrentflux/dbconfig-install: true
torrentflux/upgrade-backup: true
* torrentflux/dbconfig-upgrade: true
torrentflux/passwords-do-not-match:
torrentflux/performing_upgrade: false
torrentflux/remove-error: abort
torrentflux/mysql/method: unix socket
torrentflux/unsupported-webserver:
* torrentflux/upgrade_to_21:
torrentflux/internal/reconfiguring: false
torrentflux/remote/port:
torrentflux/dbconfig-reinstall: false
* torrentflux/restart-webserver: false
torrentflux/import-oldsettings:
torrentflux/mysql/admin-user: root
torrentflux/missing-db-package-error: abort
torrentflux/internal/skip-preseed: false
torrentflux/purge: false
torrentflux/upgrade-error: abort
torrentflux/install-error: abort
torrentflux/remote/host:
* torrentflux/dbconfig-remove: true
torrentflux/remote/newhost:
torrentflux/database-type: mysql
torrentflux/db/app-user: torrentflux
torrentflux/db/dbname: torrentflux
*** dir.php 2008-05-08 01:38:06.000000000 +0200
--- dir.modified.php 2007-11-14 10:52:47.992541972 +0100
***************
*** 31,37 ****
$del = getRequestVar('del');
$down = getRequestVar('down');
$tar = getRequestVar('tar');
! $dir = stripslashes(urldecode(getRequestVar('dir')));
if (strpos(stripslashes($dir),"../")===false) {} else {echo "Can't go to parent directories!";exit;}
// Are we to delete something?
--- 31,39 ----
$del = getRequestVar('del');
$down = getRequestVar('down');
$tar = getRequestVar('tar');
! //$dir = stripslashes(urldecode(getRequestVar('dir')));
! $dir = stripslashes(getRequestVar('dir'));
! $dir = html_entity_decode($dir, ENT_QUOTES);
if (strpos(stripslashes($dir),"../")===false) {} else {echo "Can't go to parent directories!";exit;}
// Are we to delete something?
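Review bot: The line `//$dir = stripslashes(urldecode(getRequestVar('dir')));` keeps the replaced statement as commented-out code; delete it and record the reason instead, e.g. `// no urldecode() here: query-string values arrive already URL-decoded, a second pass mangles names containing % or +`. The new `html_entity_decode($dir, ENT_QUOTES)` compensates for an encoding step that is not visible in this hunk (presumably inside `getRequestVar()`), so a one-line comment naming that step, and stating that the decode must stay ahead of the `../` check on the following line, would save the next maintainer from guessing. That check only rejects the literal `../` substring before `$cfg["path"].$dir` is used; a stricter guard would resolve the joined path with `realpath()` and verify it still starts with `$cfg["path"]`. The surrounding request-handling code continues past the end of the hunk.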
***************
*** 52,57 ****
--- 54,60 ----
// "test/tester's file/test.txt"
$del = stripslashes(stripslashes($del));
+ $del = html_entity_decode($del, ENT_QUOTES);
if (!ereg("(\.\.\/)", $del))
{
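Review bot: The added `$del = html_entity_decode($del, ENT_QUOTES);` must stay ahead of the `ereg("(\.\.\/)", $del)` check on the next line, because an entity-encoded dot sequence only becomes `../` after decoding, and nothing in the hunk records that ordering dependency. A comment such as `// decode entities before the traversal check so an encoded ../ is still rejected` would protect it from a later reorder. The same applies to the `$down` and `$tar` decodes added in the hunks at original lines 92-97 and 153-158. The enclosing block starts and ends outside this hunk.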
***************
*** 75,81 ****
AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del);
}
! header("Location: dir.php?dir=".urlencode($current));
}
// Are we to download something?
--- 78,84 ----
AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del);
}
! header("Location: dir.php?dir=".rawurlencode($current));
}
// Are we to download something?
***************
*** 92,97 ****
--- 95,101 ----
// "test/tester's file/test.txt"
$down = stripslashes(stripslashes($down));
+ $down = html_entity_decode($down, ENT_QUOTES);
if (!ereg("(\.\.\/)", $down))
{
***************
*** 136,142 ****
{
AuditAction($cfg["constants"]["error"], "ILLEGAL DOWNLOAD: ".$cfg['user']." tried to download ".$down);
}
! header("Location: dir.php?dir=".urlencode($current));
}
// Are we to download something?
--- 140,146 ----
{
AuditAction($cfg["constants"]["error"], "ILLEGAL DOWNLOAD: ".$cfg['user']." tried to download ".$down);
}
! header("Location: dir.php?dir=".rawurlencode($current));
}
// Are we to download something?
***************
*** 153,158 ****
--- 157,163 ----
// "test/tester's file/test.txt"
$tar = stripslashes(stripslashes($tar));
+ $tar = html_entity_decode($tar, ENT_QUOTES);
if (!ereg("(\.\.\/)", $tar))
{
***************
*** 214,220 ****
{
AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: ".$cfg['user']." tried to download ".$tar);
}
! header("Location: dir.php?dir=".urlencode($current));
}
if ($dir == "")
--- 219,225 ----
{
AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: ".$cfg['user']." tried to download ".$tar);
}
! header("Location: dir.php?dir=".rawurlencode($current));
}
if ($dir == "")
***************
*** 271,277 ****
if (!file_exists($cfg["path"].$dir))
{
! echo "<strong>".htmlentities($dir)."</strong> could not be found or is not valid.";
}
else
{
--- 276,282 ----
if (!file_exists($cfg["path"].$dir))
{
! echo "<strong>".$dir."</strong> could not be found or is not valid.";
}
else
{
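Review bot: Dropping `htmlentities()` from the echo turns the "could not be found" message into an unescaped output of a request-controlled value: `$dir` comes straight from `getRequestVar('dir')` and is entity-decoded earlier in this patch, so whatever the client sent is now written into the page verbatim (a reflected-XSS sink). The escaping was presumably removed because names displayed double-encoded after the new decode, but the remedy is to keep escaping at output time: `echo "<strong>".htmlspecialchars($dir, ENT_QUOTES)."</strong> could not be found or is not valid.";`. If the display problem was a character-set mismatch, pass the site's charset as the third argument of `htmlspecialchars()` rather than removing the call.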
***************
*** 304,310 ****
//get the real parentURL
if (preg_match("/^(.+)\/.+$/",$dir,$matches) == 1)
{
! $parentURL="dir.php?dir=" . urlencode($matches[1]);
}
echo "<table cellpadding=2 width=740>";
--- 309,315 ----
//get the real parentURL
if (preg_match("/^(.+)\/.+$/",$dir,$matches) == 1)
{
! $parentURL="dir.php?dir=" . rawurlencode($matches[1]);
}
echo "<table cellpadding=2 width=740>";
***************
*** 332,350 ****
{
if (@is_dir($dirName.$entry))
{
! echo "<tr bgcolor=\"".$bg."\"><td><a href=\"dir.php?dir=".urlencode($dir.$entry)."\"><img src=\"images/folder2.gif\" width=\"16\" height=\"16\" title=\"".$entry."\" border=\"0\" align=\"absmiddle\">".$entry."</a></td>";
echo "<td> </td>";
echo "<td> </td>";
echo "<td align=\"right\">";
if ($cfg["enable_maketorrent"])
{
! echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".urlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";
}
if ($cfg["enable_file_download"])
{
! echo "<a href=\"dir.php?tar=".urlencode($dir.$entry)."\"><img src=\"images/tar_down.gif\" width=16 height=16 title=\"Download as ".$cfg["package_type"]."\" border=0></a>";
}
// The following lines of code were suggested by Jody Steele [EMAIL PROTECTED]
--- 337,355 ----
{
if (@is_dir($dirName.$entry))
{
! echo "<tr bgcolor=\"".$bg."\"><td><a href=\"dir.php?dir=".rawurlencode($dir.$entry)."\"><img src=\"images/folder2.gif\" width=\"16\" height=\"16\" title=\"".$entry."\" border=\"0\" align=\"absmiddle\">".$entry."</a></td>";
echo "<td> </td>";
echo "<td> </td>";
echo "<td align=\"right\">";
if ($cfg["enable_maketorrent"])
{
! echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".rawurlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";
}
if ($cfg["enable_file_download"])
{
! echo "<a href=\"dir.php?tar=".rawurlencode($dir.$entry)."\"><img src=\"images/tar_down.gif\" width=16 height=16 title=\"Download as ".$cfg["package_type"]."\" border=0></a>";
}
// The following lines of code were suggested by Jody Steele [EMAIL PROTECTED]
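Review bot: On the `dir.php?dir=` line only the URL part was switched to `rawurlencode()`, while `$entry` is still written unescaped into the `title="..."` attribute and the link text; `$entry` appears to be a directory-listing name (it is joined to `$dirName` for `is_dir`), which for a torrent client originates from downloaded content, so both places should use `htmlspecialchars($entry, ENT_QUOTES)`. The same unescaped `$entry` recurs in the hunks at original lines 353-360, 423-431, 441-458 and 463-470, where additionally `addslashes($entry)` inside `ConfirmDelete('...')` escapes for the JavaScript string but not for the enclosing HTML attribute. This is pre-existing, but the commit touches every one of these lines, so it is the natural place to fix it. The listing loop begins and ends outside this hunk.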
***************
*** 353,360 ****
// the ability to delete sub directories
if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir))
{
! echo "<a href=\"dir.php?del=".urlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";
! echo "<input type=\"checkbox\" name=\"file[]\" value=\"".urlencode($dir.$entry)."\">";
}
else
{
--- 358,365 ----
// the ability to delete sub directories
if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir))
{
! echo "<a href=\"dir.php?del=".rawurlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";
! echo "<input type=\"checkbox\" name=\"file[]\" value=\"".rawurlencode($dir.$entry)."\">";
}
else
{
***************
*** 423,431 ****
if ($cfg["enable_file_download"])
{
// Yes, let them download
! echo "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >";
echo "<img src=\"".$image."\" width=\"16\" height=\"16\" alt=\"".$entry."\" border=\"0\"></a>";
! echo "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >".$entry."</a>";
}
else
{
--- 428,436 ----
if ($cfg["enable_file_download"])
{
// Yes, let them download
! echo "<a href=\"dir.php?down=".rawurlencode($dir.$entry)."\" >";
echo "<img src=\"".$image."\" width=\"16\" height=\"16\" alt=\"".$entry."\" border=\"0\"></a>";
! echo "<a href=\"dir.php?down=".rawurlencode($dir.$entry)."\" >".$entry."</a>";
}
else
{
***************
*** 441,458 ****
if( $cfg["enable_view_nfo"] && (( substr( strtolower($entry), -4 ) == ".nfo" ) || ( substr( strtolower($entry), -4 ) == ".txt" )) )
{
! echo "<a href=\"viewnfo.php?path=".urlencode(addslashes($dir.$entry))."\"><img src=\"images/view_nfo.gif\" width=16 height=16 title=\"View '$entry'\" border=0></a>";
}
if ($cfg["enable_maketorrent"])
{
! echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".urlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";
}
if ($cfg["enable_file_download"])
{
// Show the download button
! echo "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >";
echo "<img src=\"images/download_owner.gif\" width=16 height=16 title=\"Download\" border=0>";
echo "</a>";
}
--- 446,463 ----
if( $cfg["enable_view_nfo"] && (( substr( strtolower($entry), -4 ) == ".nfo" ) || ( substr( strtolower($entry), -4 ) == ".txt" )) )
{
! echo "<a href=\"viewnfo.php?path=".rawurlencode(addslashes($dir.$entry))."\"><img src=\"images/view_nfo.gif\" width=16 height=16 title=\"View '$entry'\" border=0></a>";
}
if ($cfg["enable_maketorrent"])
{
! echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".rawurlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";
}
if ($cfg["enable_file_download"])
{
// Show the download button
! echo "<a href=\"dir.php?down=".rawurlencode($dir.$entry)."\" >";
echo "<img src=\"images/download_owner.gif\" width=16 height=16 title=\"Download\" border=0>";
echo "</a>";
}
***************
*** 463,470 ****
// the ability to delete files
if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir))
{
! echo "<a href=\"dir.php?del=".urlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";
! echo "<input type=\"checkbox\" name=\"file[]\" value=\"".urlencode($dir.$entry)."\">";
}
else
{
--- 468,475 ----
// the ability to delete files
if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir))
{
! echo "<a href=\"dir.php?del=".rawurlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";
! echo "<input type=\"checkbox\" name=\"file[]\" value=\"".rawurlencode($dir.$entry)."\">";
}
else
{