[Pkg-owncloud-commits] [owncloud] 118/457: End processing when file is not found

David Prévot taffit at moszumanska.debian.org
Sun Jun 28 20:05:43 UTC 2015


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch stable8
in repository owncloud.

commit 8ce3d6ea57a2181afddc03e154495b6ddeb6c6be
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Fri May 22 11:53:02 2015 +0200

    End processing when file is not found
    
    We have to end the processing when a file is not found or otherwise the method is proceeding and even sending invalid file paths to the sendfile methods.
    
    Due to nginx preventing directory traversals this is luckily not immediately exploitable. We should for hardening purposes however quit the script execution just as we do for 403 cases and others as well.
---
 lib/private/files.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/private/files.php b/lib/private/files.php
index 6a739fc..5a3e102 100644
--- a/lib/private/files.php
+++ b/lib/private/files.php
@@ -138,6 +138,7 @@ class OC_Files {
 				header("HTTP/1.0 404 Not Found");
 				$tmpl = new OC_Template('', '404', 'guest');
 				$tmpl->printPage();
+				exit();
 			} else {
 				header("HTTP/1.0 403 Forbidden");
 				die('403 Forbidden');

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git



More information about the Pkg-owncloud-commits mailing list