diff options
author | medhavini <medhajpr@gmail.com> | 2015-07-20 17:05:39 +0200 |
---|---|---|
committer | medhavini <medhajpr@gmail.com> | 2015-07-20 17:05:39 +0200 |
commit | 08b9f20df1c108be5c1ab8b32c0fcbed31a079b3 (patch) | |
tree | 91a780d0b7ae021617928cbf6adfd2ec89641bee /system/helpers | |
parent | 4b9fec6797db2aea3af8ca4080be73e2ff421080 (diff) |
Security check fail
Security check condition to check that the path is NOT a URL may give false negative in case of subdomains. Where URLs don't start with http or www.
Diffstat (limited to 'system/helpers')
-rw-r--r-- | system/helpers/path_helper.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/system/helpers/path_helper.php b/system/helpers/path_helper.php index c23ec6435..34eebc4b0 100644 --- a/system/helpers/path_helper.php +++ b/system/helpers/path_helper.php @@ -61,6 +61,7 @@ if ( ! function_exists('set_realpath')) function set_realpath($path, $check_existance = FALSE) { // Security check to make sure the path is NOT a URL. No remote file inclusion! + // PROBLEM HERE - this can be easily bypassed in case of subdomains if (preg_match('#^(http:\/\/|https:\/\/|www\.|ftp|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i', $path)) { show_error('The path you submitted must be a local server path, not a URL'); |