diff --git a/HISTORY.md b/HISTORY.md
index 0832eb2..5525b15 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -7,6 +7,8 @@ http://jsoneditoronline.org
 - Fixed non working option `indentation`.
 - Fixed css not being loaded with AMD in case of multiple scripts.
+- Fixed a security error in the server side file retriever script of
+  the web application.
 ## 2013-05-27, version 2.2.1
diff --git a/app/web/fileretriever.php b/app/web/fileretriever.php
index 09e0785..f3664e6 100644
--- a/app/web/fileretriever.php
+++ b/app/web/fileretriever.php
@@ -51,14 +51,19 @@ if ($method == 'GET') {
             'header' => "Accept: application/json\r\n"
         )
     ));
-    $body = file_get_contents($url, false, $context);
-    if ($body != false) {
-        header("Content-Disposition: attachment; filename=\"$filename\"");
-        header('Content-type: application/json');
-        echo $body;
+    if (preg_match('/^https?:\/\//', $url)) { // only allow to fetch http:// and https:// urls
+        $body = file_get_contents($url, false, $context);
+        if ($body != false) {
+            header("Content-Disposition: attachment; filename=\"$filename\"");
+            header('Content-type: application/json');
+            echo $body;
+        }
+        else {
+            header('HTTP/1.1 404 Not Found');
+        }
     }
     else {
-        header('HTTP/1.1 404 Not Found');
+        header('HTTP/1.1 403 Forbidden');
     }
 }
 else if (isset($_GET['id'])) {
diff --git a/bower.json b/bower.json
index 805e9f1..6ddcf92 100644
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
   "name": "jsoneditor",
-  "version": "2.3.0-SNAPSHOT",
+  "version": "2.2.2-SNAPSHOT",
   "description": "A web-based tool to view, edit and format JSON",
   "tags": [
     "json",
diff --git a/package.json b/package.json
index 0b67cd5..78879a9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jsoneditor",
-  "version": "2.3.0-SNAPSHOT",
+  "version": "2.2.2-SNAPSHOT",
   "description": "A web-based tool to view, edit and format JSON",
   "tags": [
     "json",
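Review bot: The new scheme check on the `preg_match('/^https?:\/\//', $url)` line in app/web/fileretriever.php only rejects non-http(s) stream wrappers; `file_get_contents` still issues the request from the server, so any http:// or https:// host the server can reach, including loopback and private-range addresses, can be fetched and its body relayed to the client as JSON. A host allowlist, or resolving the hostname and refusing non-public addresses before the fetch, would close that, and since the http wrapper follows redirects by default each hop would need the same check (or `'follow_location' => 0` in the stream context built just above the hunk). Separately, `if ($body != false)` treats a body of `"0"` or an empty string as a failed fetch and answers 404; `if ($body !== false)` distinguishes the two cases. The enclosing `if ($method == 'GET')` block and the assignments of `$url` and `$filename` start outside the hunk, so whether `$filename` is user-controlled cannot be seen here; if it is, it should be sanitised before being placed in the `Content-Disposition` header.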