You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This directory traversal weakness isn't a security vulnerability in Piwik 1.0 because we don't unzip third-party (inherently untrusted) .zip archives within the app. But if we supply an absolute path to both PCLZIP_OPT_PATH and PCLZIP_OPT_EXTRACT_DIR_RESTRICTION, extract() can create files outside of the target directory if the stored filename contains '../'.
Since we contemplate in-app installation of third-party plugins in the future, we should tighten up our code to serve as a reference implementation.
The PCLZIP_OPT_EXTRACT_DIR_RESTRICTION option -- to restrict to a specified extract basedir -- appears to be incompatible with with the absolute path specified via PCLZIP_OPT_PATH. I've given up on hacking pclzip.lib.php (i.e., fix one thing, introduce new side-effects). Instead, I'll use the PCLZIP_CB_PRE_EXTRACT hook (callback) to examine the target path, and either accept or skip/abort as needed.
The text was updated successfully, but these errors were encountered:
This directory traversal weakness isn't a security vulnerability in Piwik 1.0 because we don't unzip third-party (inherently untrusted) .zip archives within the app. But if we supply an absolute path to both PCLZIP_OPT_PATH and PCLZIP_OPT_EXTRACT_DIR_RESTRICTION, extract() can create files outside of the target directory if the stored filename contains '../'.
Since we contemplate in-app installation of third-party plugins in the future, we should tighten up our code to serve as a reference implementation.
The PCLZIP_OPT_EXTRACT_DIR_RESTRICTION option -- to restrict to a specified extract basedir -- appears to be incompatible with with the absolute path specified via PCLZIP_OPT_PATH. I've given up on hacking pclzip.lib.php (i.e., fix one thing, introduce new side-effects). Instead, I'll use the PCLZIP_CB_PRE_EXTRACT hook (callback) to examine the target path, and either accept or skip/abort as needed.
The text was updated successfully, but these errors were encountered: