From e6dc1e4b25933ba81795eef47c36449e033844dd Mon Sep 17 00:00:00 2001
From: Andre Lorbach <alorbach@adiscon.com>
Date: Fri, 25 Jul 2008 14:25:32 +0200
Subject: [PATCH] Fixed a bug in the input checking of files when Diskfile
 source was configured

---
 src/admin/sources.php        | 25 ++++++++++++++++++++++---
 src/include/functions_db.php |  9 +++++++++
 2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/src/admin/sources.php b/src/admin/sources.php
index 125ae6d..e95d6de 100644
--- a/src/admin/sources.php
+++ b/src/admin/sources.php
@@ -334,10 +334,29 @@ if ( isset($_POST['op']) )
 				$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_SOURCES_ERROR_MISSINGPARAM'], $content['LN_CFG_SYSLOGFILE'] );
 			}
 			// Check if file is accessable!
-			else if ( !is_file($content['SourceDiskFile']) )
+			else 
 			{
-				$content['ISERROR'] = true;
-				$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_SOURCES_ERROR_NOTAVALIDFILE'], $content['SourceDiskFile'] );
+				// Get plain filename for testing!
+				$szFileName = DB_StripSlahes($content['SourceDiskFile']);
+
+				// Take as it is if rootpath!
+				if (
+						( ($pos = strpos($szFileName, "/")) !== FALSE && $pos == 0) ||
+						( ($pos = strpos($szFileName, ":\\")) !== FALSE ) ||
+						( ($pos = strpos($szFileName, ":/")) !== FALSE )
+					)
+				{
+					// Nothing really todo
+					$szFileName = $szFileName;
+				}
+				else // prepend basepath!
+					$szFileName = $gl_root_path . $szFileName;
+
+				if ( !is_file($szFileName) )
+				{
+					$content['ISERROR'] = true;
+					$content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_SOURCES_ERROR_NOTAVALIDFILE'], $szFileName );
+				}
 			}
 		}
 		// DB Params
diff --git a/src/include/functions_db.php b/src/include/functions_db.php
index 42e5827..7aad19f 100644
--- a/src/include/functions_db.php
+++ b/src/include/functions_db.php
@@ -248,6 +248,15 @@ function DB_RemoveBadChars($myString)
 */
 }
 
+function DB_StripSlahes($myString)
+{
+	// Replace with internal PHP Functions!
+	if ( !get_magic_quotes_runtime() )
+		return stripslashes($myString);
+	else
+		return $myString;
+}
+
 function DB_ReturnLastInsertID($myResult = false)
 {
 	// --- Abort in this case!