This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

fix(security) Secure upload images #5863

Merged
merged 11 commits into from
Nov 10, 2017

Conversation

loiclau
Contributor

@loiclau loiclau commented Nov 7, 2017

Thanks to Sammy FORGIT from Certilience (www.certilience.fr) for having transmitted to us the proofs of concept of the vulnerabilities.

@loiclau loiclau changed the title Secure upload fix(security) Secure upload images Nov 7, 2017
@lpinsivy lpinsivy modified the milestone: 2.8.16 Nov 8, 2017
@@ -0,0 +1,175 @@
<?php
/**
Contributor

Missing Centreon License header

@@ -0,0 +1,187 @@
<?php
/**
Contributor

Missing Centreon License header

@@ -0,0 +1,15 @@
<?php
/**
Contributor

Missing Centreon License header

$this->comment
);
return $img_ids;
}
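Review bot: `return $img_ids;` runs unconditionally after the call that ends with `$this->comment`, so a failed insert still returns an id list to the caller; check the result of that call and return false on failure so callers can distinguish an error from an empty result.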
Contributor

Maybe return false?

//update relation
$query = "UPDATE view_img_dir_relation SET dir_dir_parent_id = '" . $dirId .
"' WHERE img_img_id = '" . $imgId . "'";
$pearDB->query($query);
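Review bot: the UPDATE on `view_img_dir_relation` concatenates `$dirId` and `$imgId` straight into the SQL string; cast both to int (`(int) $dirId`, `(int) $imgId`) or bind them as parameters before `$pearDB->query($query)` so that a non-numeric value cannot alter the statement.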
Contributor

Maybe return true?

@@ -216,7 +220,7 @@
}
$action = $form->getSubmitValue("action");

if ($valid) {
if (is_array($valid)) {
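Review bot: `if ($valid)` followed by `if (is_array($valid))` accepts any truthy value as success, so a method that returns a string or a non-zero error code would pass the first check; define the return contract explicitly (false on failure, an array of ids for uploads, true for updates) and test it with strict comparisons (`$valid !== false`, `is_array($valid)`) so the nesting reads as intended.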
Contributor

Strange validation. I think the methods need to return "false" if the update or upload doesn't work.

@kduret kduret merged commit f2624d1 into 2.8.x Nov 10, 2017
@kduret kduret deleted the secure-upload branch November 10, 2017 15:49
@adr-mo
Contributor

adr-mo commented Nov 13, 2017

I've tried to upload PHP and JS files using an image format (extensions and headers). Even if the file is uploaded, I could not figure out how to execute it.

Everything looks good to me.
