Fixed a security error in the server side file retriever script of the web app.
parent
02c5fa416b
commit
01f6112261
|
@ -7,6 +7,8 @@ http://jsoneditoronline.org
|
||||||
|
|
||||||
- Fixed non working option `indentation`.
|
- Fixed non working option `indentation`.
|
||||||
- Fixed css not being loaded with AMD in case of multiple scripts.
|
- Fixed css not being loaded with AMD in case of multiple scripts.
|
||||||
|
- Fixed a security error in the server side file retriever script of
|
||||||
|
the web application.
|
||||||
|
|
||||||
|
|
||||||
## 2013-05-27, version 2.2.1
|
## 2013-05-27, version 2.2.1
|
||||||
|
|
|
@ -51,6 +51,7 @@ if ($method == 'GET') {
|
||||||
'header' => "Accept: application/json\r\n"
|
'header' => "Accept: application/json\r\n"
|
||||||
)
|
)
|
||||||
));
|
));
|
||||||
|
if (preg_match('/^https?:\/\//', $url)) { // only allow to fetch http:// and https:// urls
|
||||||
$body = file_get_contents($url, false, $context);
|
$body = file_get_contents($url, false, $context);
|
||||||
if ($body != false) {
|
if ($body != false) {
|
||||||
header("Content-Disposition: attachment; filename=\"$filename\"");
|
header("Content-Disposition: attachment; filename=\"$filename\"");
|
||||||
|
@ -61,6 +62,10 @@ if ($method == 'GET') {
|
||||||
header('HTTP/1.1 404 Not Found');
|
header('HTTP/1.1 404 Not Found');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
header('HTTP/1.1 403 Forbidden');
|
||||||
|
}
|
||||||
|
}
|
||||||
else if (isset($_GET['id'])) {
|
else if (isset($_GET['id'])) {
|
||||||
// retrieve the file with given id from disk, return it,
|
// retrieve the file with given id from disk, return it,
|
||||||
// and remove it from disk
|
// and remove it from disk
|
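Review bot: The new guard `if (preg_match('/^https?:\/\//', $url))` restricts only the scheme, so `file_get_contents($url, false, $context)` will still fetch any http(s) host the server can reach, including loopback, private-range and link-local addresses. I would also resolve the host and refuse non-public addresses before fetching, and add `'follow_location' => 0` to the `http` options of `$context` so that a redirect cannot bypass the check. The sketch below handles IPv4 only and fails closed on anything it cannot resolve. Because the name is resolved again at fetch time, network-level egress filtering is still worth having. The enclosing `if ($method == 'GET')` block and the `$context` setup start outside the hunk, so the origin of `$url` and `$filename` is not visible here.

```php
// … unchanged: $context creation (add 'follow_location' => 0 to its 'http' options) …
$host = parse_url($url, PHP_URL_HOST);
$ip = $host ? gethostbyname($host) : false;  // returns the input unchanged when resolution fails
$public = $ip && filter_var($ip, FILTER_VALIDATE_IP,
    FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
if (preg_match('/^https?:\/\//', $url) && $public) { // only public http:// and https:// urls
  $body = file_get_contents($url, false, $context);
  // … unchanged: response headers, 404 branch and the 403 else branch …
```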
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "jsoneditor",
|
"name": "jsoneditor",
|
||||||
"version": "2.3.0-SNAPSHOT",
|
"version": "2.2.2-SNAPSHOT",
|
||||||
"description": "A web-based tool to view, edit and format JSON",
|
"description": "A web-based tool to view, edit and format JSON",
|
||||||
"tags": [
|
"tags": [
|
||||||
"json",
|
"json",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "jsoneditor",
|
"name": "jsoneditor",
|
||||||
"version": "2.3.0-SNAPSHOT",
|
"version": "2.2.2-SNAPSHOT",
|
||||||
"description": "A web-based tool to view, edit and format JSON",
|
"description": "A web-based tool to view, edit and format JSON",
|
||||||
"tags": [
|
"tags": [
|
||||||
"json",
|
"json",
|
||||||
|
|