Timestamp:
10/22/12 00:10:22 (18 months ago)
Author:
Cimmo
Message:

Fixed an arbitrary file disclosure vulnerability when exporting and downloading the exported CSV; the vulnerability is limited to users with the 'list_users' capability (thanks to Charlie Eriksen via Secunia SVCRP).

File:
1 edited

  • cimy-user-manager/trunk/cimy_user_manager.php

    r575848 r615423  
    44Plugin URI: http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-manager/ 
    55Description: Import and export users from/to CSV files, supports all WordPress profile data also Cimy User Extra Fields plug-in 
    6 Version: 1.4.1 
     6Version: 1.4.2 
    77Author: Marco Cimmino 
    88Author URI: mailto:cimmino.marco@gmail.com 
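Review bot: the header bump to 1.4.2 on line 6 should come with a changelog entry in the plugin's readme.txt that names this release as a security fix, since the commit message says the file-disclosure issue is reachable by any user holding the `list_users` capability and site administrators need that signal to update promptly.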
     
    7676            $cimy_um_filename = $_POST["cimy_um_filename"]; 
    7777            // protect from site traversing 
    78             $cimy_um_filename = str_replace('../', '', $cimy_um_filename); 
     78            do { 
     79                $cimy_um_filename = str_replace('../', '', $cimy_um_filename, $count); 
     80            } while ($count != 0); 
    7981            if (!is_file($cimy_um_filename)) 
    8082                return; 
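Review bot: the `do`/`while` loop on lines 78-80 fixes the single-pass weakness of the removed line 78, where a value such as `....//` collapses to `../` after one `str_replace` call, but it is still string sanitisation of a value taken straight from `$_POST["cimy_um_filename"]` on line 76 and passed to `is_file()` on line 81 with no check that the result lies inside the export directory; a value containing no `../` at all, including an absolute path, passes the loop unchanged, and the backslash form of the sequence is not touched. Suggest resolving the name to a fixed location instead of filtering it, along the lines of `$cimy_um_filename = $export_dir . '/' . basename($_POST["cimy_um_filename"]);` (`$export_dir` being a placeholder for wherever the plugin writes its exports) and then comparing `realpath()` of that path against `realpath($export_dir)` before the `is_file()` test. On the loop itself: `$count` is set by reference by `str_replace`, so it needs no initialisation before the first iteration, and the loop terminates only when a full pass removes nothing, which is the intended behaviour.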
     
    11951197    } 
    11961198} 
    1197  
    1198 ?> 
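Review bot: dropping the blank line and the trailing `?>` at lines 1197-1198 is the right call for a file that is only ever included: with the closing tag present, any whitespace after it is sent as output and can trigger "headers already sent" errors, which matters for a plugin that streams a CSV download. Worth applying the same convention to the plugin's other PHP files.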