Fixed a security error in the server side file retriever script of the web app.

HISTORY.md

@@ -7,6 +7,8 @@ http://jsoneditoronline.org
 
 - Fixed non working option `indentation`.
 - Fixed css not being loaded with AMD in case of multiple scripts.
+- Fixed a security error in the server side file retriever script of
+  the web application.
 
 
 ## 2013-05-27, version 2.2.1

app/web/fileretriever.php

@@ -51,14 +51,19 @@ if ($method == 'GET') {
                 'header' => "Accept: application/json\r\n"
             )
         ));
-        $body = file_get_contents($url, false, $context);
-        if ($body != false) {
-            header("Content-Disposition: attachment; filename=\"$filename\"");
-            header('Content-type: application/json');
-            echo $body;
+        if (preg_match('/^https?:\/\//', $url)) { // only allow to fetch http:// and https:// urls
+            $body = file_get_contents($url, false, $context);
+            if ($body != false) {
+                header("Content-Disposition: attachment; filename=\"$filename\"");
+                header('Content-type: application/json');
+                echo $body;
+            }
+            else {
+                header('HTTP/1.1 404 Not Found');
+            }
         }
         else {
-            header('HTTP/1.1 404 Not Found');
+            header('HTTP/1.1 403 Forbidden');
         }
     }
     else if (isset($_GET['id'])) {

bower.json

@@ -1,6 +1,6 @@
 {
     "name": "jsoneditor",
-    "version": "2.3.0-SNAPSHOT",
+    "version": "2.2.2-SNAPSHOT",
     "description": "A web-based tool to view, edit and format JSON",
     "tags": [
         "json",

package.json

@@ -1,6 +1,6 @@
 {
     "name": "jsoneditor",
-    "version": "2.3.0-SNAPSHOT",
+    "version": "2.2.2-SNAPSHOT",
     "description": "A web-based tool to view, edit and format JSON",
     "tags": [
         "json",