Fixed a security error in the server side file retriever script of the web app.
parent
02c5fa416b
commit
01f6112261
|
@ -7,6 +7,8 @@ http://jsoneditoronline.org
|
|||
|
||||
- Fixed non working option `indentation`.
|
||||
- Fixed css not being loaded with AMD in case of multiple scripts.
|
||||
- Fixed a security error in the server side file retriever script of
|
||||
the web application.
|
||||
|
||||
|
||||
## 2013-05-27, version 2.2.1
|
||||
|
|
|
@ -51,6 +51,7 @@ if ($method == 'GET') {
|
|||
'header' => "Accept: application/json\r\n"
|
||||
)
|
||||
));
|
||||
if (preg_match('/^https?:\/\//', $url)) { // only allow to fetch http:// and https:// urls
|
||||
$body = file_get_contents($url, false, $context);
|
||||
if ($body != false) {
|
||||
header("Content-Disposition: attachment; filename=\"$filename\"");
|
||||
|
@ -61,6 +62,10 @@ if ($method == 'GET') {
|
|||
header('HTTP/1.1 404 Not Found');
|
||||
}
|
||||
}
|
||||
else {
|
||||
header('HTTP/1.1 403 Forbidden');
|
||||
}
|
||||
}
|
||||
else if (isset($_GET['id'])) {
|
||||
// retrieve the file with given id from disk, return it,
|
||||
// and remove it from disk
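Review bot: The scheme allowlist added on the `preg_match('/^https?:\/\//', $url)` line still lets `file_get_contents()` request any http(s) host the server can reach, loopback and private-network addresses included, so if `$url` is caller-supplied (its origin is outside the hunks) the retriever remains a server-side request forgery path. The guard should also resolve the URL's host and refuse loopback, private and reserved ranges, as sketched below. The lookup and the fetch resolve the name separately, so treat this as a reduction rather than a complete fix. The http wrapper follows redirects by default, so also set `'follow_location' => 0` in the context's `http` options, whose array starts outside the hunk. The enclosing `if ($method == 'GET')` block starts and ends outside the visible lines.

```php
// resolve the target host; anything that is not a public IPv4 address fails closed
$host = parse_url($url, PHP_URL_HOST);
$ip = is_string($host) ? gethostbyname($host) : false;
$isPublic = $ip !== false && filter_var(
    $ip,
    FILTER_VALIDATE_IP,
    FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
) !== false;

if (preg_match('/^https?:\/\//', $url) && $isPublic) { // only http(s) urls on public hosts
    $body = file_get_contents($url, false, $context);
    // … unchanged: response headers and 404 branch …
```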
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "jsoneditor",
|
||||
"version": "2.3.0-SNAPSHOT",
|
||||
"version": "2.2.2-SNAPSHOT",
|
||||
"description": "A web-based tool to view, edit and format JSON",
|
||||
"tags": [
|
||||
"json",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "jsoneditor",
|
||||
"version": "2.3.0-SNAPSHOT",
|
||||
"version": "2.2.2-SNAPSHOT",
|
||||
"description": "A web-based tool to view, edit and format JSON",
|
||||
"tags": [
|
||||
"json",
|
||||
|
|