Fixed a bug in the input checking of files when Diskfile source was configured

Andre Lorbach 2008-07-25 14:25:32 +02:00
parent 0ad4650993
commit e6dc1e4b25
2 changed files with 31 additions and 3 deletions


@ -334,10 +334,29 @@ if ( isset($_POST['op']) )
$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_SOURCES_ERROR_MISSINGPARAM'], $content['LN_CFG_SYSLOGFILE'] );
}
// Check if file is accessable!
else if ( !is_file($content['SourceDiskFile']) )
else
{
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_SOURCES_ERROR_NOTAVALIDFILE'], $content['SourceDiskFile'] );
// Get plain filename for testing!
$szFileName = DB_StripSlahes($content['SourceDiskFile']);
// Take as it is if rootpath!
if (
( ($pos = strpos($szFileName, "/")) !== FALSE && $pos == 0) ||
( ($pos = strpos($szFileName, ":\\")) !== FALSE ) ||
( ($pos = strpos($szFileName, ":/")) !== FALSE )
)
{
// Nothing really todo
$szFileName = $szFileName;
}
else // prepend basepath!
$szFileName = $gl_root_path . $szFileName;
if ( !is_file($szFileName) )
{
$content['ISERROR'] = true;
$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_SOURCES_ERROR_NOTAVALIDFILE'], $szFileName );
}
}
}
// DB Params
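Review bot: The absolute-path test in the new `else` branch matches `:\` and `:/` anywhere in the string, so values that are not drive-letter paths (anything shaped like a URL scheme, for instance) skip the `$gl_root_path` prefix and reach `is_file()` unchanged, and a relative value containing `../` is prefixed but never normalised, so it can still resolve outside the base path. Anchoring the test, e.g. `if ( preg_match('#^(?:/|[A-Za-z]:[\\\\/])#', $szFileName) )`, and comparing `realpath($szFileName)` against the directories a log source may live in would make the check match its comment. The check now validates the rewritten `$szFileName` while the form value stays in `$content['SourceDiskFile']`; whether the code that later saves and opens the file applies the same resolution is not visible in this hunk and is worth confirming. The no-op `$szFileName = $szFileName;` branch can be dropped by negating the condition. The enclosing `if ( isset($_POST['op']) )` block starts and ends outside the hunk.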


@ -248,6 +248,15 @@ function DB_RemoveBadChars($myString)
*/
}
function DB_StripSlahes($myString)
{
// Replace with internal PHP Functions!
if ( !get_magic_quotes_runtime() )
return stripslashes($myString);
else
return $myString;
}
function DB_ReturnLastInsertID($myResult = false)
{
// --- Abort in this case!
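Review bot: `DB_StripSlahes` decides on `get_magic_quotes_runtime()`, which governs data read from external sources such as databases and files, not request input. If the slashes being undone were added by `magic_quotes_gpc` or by an escaping helper like `DB_RemoveBadChars` (its body is outside this hunk), the condition tests the wrong setting. A value that was never escaped, such as a Windows path, would also lose its backslashes before the `is_file()` check. `get_magic_quotes_runtime()` is deprecated since PHP 7.4 and removed in PHP 8.0, so the call needs a guard such as `if ( !function_exists('get_magic_quotes_runtime') || !get_magic_quotes_runtime() )`. A short docblock stating which escaping this function reverses, and that its result is for filesystem checks and not for building queries, would prevent misuse from other call sites.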