diff options
| author | Ben Fuhrmannek | 2014-09-25 18:07:55 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2014-09-25 18:07:55 +0200 |
| commit | 49a4321cec080d61ff112aaf27f55257e62402f9 (patch) | |
| tree | c3500f64ef6cc5d45d70296339827857de1bf889 /ufilter.c | |
| parent | 594c8df58c6f7f9b9610c7f0fd11da08a532de98 (diff) | |
array index whitelist/blacklist for multipart formdata
Diffstat (limited to 'ufilter.c')
| -rw-r--r-- | ufilter.c | 18 |
1 files changed, 18 insertions, 0 deletions
| @@ -113,6 +113,24 @@ static int check_fileupload_varname(char *varname) | |||
| 113 | } | 113 | } |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | /* index whitelist/blacklist */ | ||
| 117 | if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { | ||
| 118 | if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { | ||
| 119 | suhosin_log(S_VARS, "array index contains not whitelisted characters - dropped variable '%s'", var); | ||
| 120 | if (!SUHOSIN_G(simulation)) { | ||
| 121 | goto return_failure; | ||
| 122 | } | ||
| 123 | } | ||
| 124 | } else if (SUHOSIN_G(array_index_blacklist) && *(SUHOSIN_G(array_index_blacklist))) { | ||
| 125 | if (suhosin_strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) { | ||
| 126 | suhosin_log(S_VARS, "array index contains blacklisted characters - dropped variable '%s'", var); | ||
| 127 | if (!SUHOSIN_G(simulation)) { | ||
| 128 | goto return_failure; | ||
| 129 | } | ||
| 130 | } | ||
| 131 | } | ||
| 132 | |||
| 133 | |||
| 116 | index = strchr(index, '['); | 134 | index = strchr(index, '['); |
| 117 | } | 135 | } |
| 118 | 136 | ||