mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00
Pepperminty-Wiki/core/45-environment-deferred.php
Starbeamrainbowlabs 7f48302f1a
Bugfix: Fix XSS via action GET parameter.
Ref CVE-2021-38601

Seriously, don't make public GitHub repos before contacting me!

https://github.com/hmaverickadams/CVE-2021-38601
2021-09-02 21:08:01 +01:00

31 lines
1.5 KiB
PHP

<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
/// Finish setting up the environment object ///
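// Requested page name: a GET value wins over a POST one. The trailing
// `?? null` yields the same value as before when neither is sent (null), but
// without the undefined-index warning.
// NOTE(review): from here on $env->page is request-controlled text. Whether an
// earlier stage has already normalised $_GET["page"] is not visible in this
// file, so every HTML sink below has to treat it as untrusted.
$env->page = $_GET["page"] ?? $_POST["page"] ?? null;

if(isset($_GET["revision"]) and is_numeric($_GET["revision"]))
{
	// We have a revision number!
	$env->is_history_revision = true;
	// intval() reduces the value to an integer, so it is safe to print below.
	$env->history->revision_number = intval($_GET["revision"]);

	// Make sure that the revision exists for later on
	if(!isset($pageindex->{$env->page}->history[$env->history->revision_number]))
	{
		// The message body is raw HTML, so the page name is entity-encoded
		// for text positions and percent-encoded for the query strings.
		// Printing it unescaped would reflect markup from ?page= straight
		// into the 404 response.
		$page_html = htmlspecialchars((string)$env->page, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
		$page_url = rawurlencode((string)$env->page);

		http_response_code(404);
		// NOTE(review): the title argument still carries the unescaped page
		// name. If page_renderer::render_main() does not encode its title,
		// use $page_html there as well - confirm against its implementation.
		exit(page_renderer::render_main(
			"404: Revision Not Found - $env->page - $settings->sitename",
			"<p>Revision #{$env->history->revision_number} of $page_html doesn't appear to exist. Try viewing the <a href='?action=history&page=" . $page_url . "'>list of revisions for $page_html</a>, or viewing <a href='?page=" . $page_url . "'>the latest revision</a> instead.</p>"
		));
	}

	$env->history->revision_data = $pageindex->{$env->page}->history[$env->history->revision_number];
}

// Construct the page's filename: the storage prefix, then either the file of
// the requested revision or the file of the current page entry. If the page
// is not in the index, only the prefix is left.
$env->page_filename = $env->storage_prefix;
if($env->is_history_revision)
{
	$env->page_filename .= $pageindex->{$env->page}->history[$env->history->revision_number]->filename;
}
else if(isset($pageindex->{$env->page}))
{
	$env->page_filename .= $pageindex->{$env->page}->filename;
}

// Allow-list the action name: lower-case it, then drop everything except
// a-z, 0-9, hyphen and underscore, so the value cannot carry HTML
// metacharacters into later output (the XSS fixed for CVE-2021-38601).
// A missing or non-string value (e.g. ?action[]=x) is treated as an empty
// string instead of reaching strtolower() and raising a warning or TypeError.
$env->action = preg_replace(
	"/[^a-z0-9\-_]/",
	"",
	strtolower(is_string($_GET["action"] ?? null) ? $_GET["action"] : "")
);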