$NetBSD: patch-ad,v 1.1 2009/12/20 04:21:05 taca Exp $
* Security fix:
http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html
--- typolight/ftp.php.orig 2008-12-13 15:27:05.000000000 +0000
+++ typolight/ftp.php
@@ -88,6 +88,9 @@ class FtpCheck extends Controller
*/
if ($this->Input->post('FORM_SUBMIT') == 'tl_login')
{
+ $_SESSION['TL_INSTALL_AUTH'] = '';
+ $_SESSION['TL_INSTALL_EXPIRE'] = 0;
+
$password = sha1($this->Input->post('password', true));
if (strlen($password) && $password != 'da39a3ee5e6b4b0d3255bfef95601890afd80709')
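Review bot: The two added session resets on the `tl_login` branch carry no comment saying why every login submission, including a failed one, discards the current install-tool authentication, and a later reader could mistake them for harmless initialisation. I would add above them `// Any login attempt invalidates the existing install-tool session; the cookie check below treats an empty TL_INSTALL_AUTH as unauthenticated.` so the coupling to the check in the third hunk of this patch is explicit. The surrounding FtpCheck method starts and ends outside this hunk, so I cannot see whether the session is already started at this point.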
@@ -95,7 +98,10 @@ class FtpCheck extends Controller
// Set cookie
if ($password == $GLOBALS['TL_CONFIG']['installPassword'])
{
- $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
+ $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
+ $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
+
+ $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
$this->Config->update("\$GLOBALS['TL_CONFIG']['installCount']", 0);
$this->reload();
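Review bot: The new token on the `TL_INSTALL_AUTH` line is `md5()` of `uniqid('', true)` plus the client IP and session id, and `uniqid()` is documented as clock-based rather than cryptographically secure, so the only secret material in the token is what the session id already provides. Since the value is stored server-side and compared as an opaque string, it can simply be random: `$_SESSION['TL_INSTALL_AUTH'] = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on PHP 5.3, with the rest of the flow unchanged; the same line is repeated in the renew branch of the next hunk. The `setCookie` wrapper's arguments do not show whether the cookie is marked HttpOnly, which is worth confirming for an authentication cookie.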
@@ -109,14 +115,20 @@ class FtpCheck extends Controller
}
// Check cookie
- if (!$this->Input->cookie('TL_INSTALL_AUTH'))
+ if (!$this->Input->cookie('TL_INSTALL_AUTH') || $_SESSION['TL_INSTALL_AUTH'] == '' || $this->Input->cookie('TL_INSTALL_AUTH') != $_SESSION['TL_INSTALL_AUTH'] || $_SESSION['TL_INSTALL_EXPIRE'] < time())
{
$this->Template->login = true;
$this->outputAndExit();
}
// Renew cookie
- $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
+ else
+ {
+ $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
+ $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
+
+ $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
+ }
/**
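Review bot: The rewritten cookie check compares the attacker-controlled cookie with the session token using loose `!=` and tests the session value with `== ''`; both should be strict, and the session keys may be unset when no login form was ever submitted in this session, which makes `$_SESSION['TL_INSTALL_AUTH'] == ''` raise a notice before evaluating true. I would write `if (!$this->Input->cookie('TL_INSTALL_AUTH') || !isset($_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE']) || $_SESSION['TL_INSTALL_AUTH'] === '' || $this->Input->cookie('TL_INSTALL_AUTH') !== $_SESSION['TL_INSTALL_AUTH'] || $_SESSION['TL_INSTALL_EXPIRE'] < time())`, and on PHP 5.6+ the token comparison belongs in `hash_equals()`. The added `else` after `outputAndExit()` is presumably redundant if that call terminates the request, so the renew block could stay at the same level as the check as the removed line was. The enclosing method continues past the end of this hunk.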