Fixed a security error in the server side file retriever script of the web app.
josdejong committed Jul 31, 2013
1 parent 02c5fa4 commit 01f6112
Showing 4 changed files with 15 additions and 8 deletions.
2 changes: 2 additions & 0 deletions HISTORY.md
@@ -7,6 +7,8 @@ http://jsoneditoronline.org

- Fixed non working option `indentation`.
- Fixed css not being loaded with AMD in case of multiple scripts.
- Fixed a security error in the server side file retriever script of
the web application.


## 2013-05-27, version 2.2.1
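Review bot: the new changelog line is too vague to act on; a reader of HISTORY.md cannot tell which input was affected or why they should upgrade. The matching change in app/web/fileretriever.php restricts the fetched `$url` to `http://` and `https://` schemes and answers 403 Forbidden otherwise, so the entry should say that, e.g. `- Fixed the server side file retriever script accepting non-http(s) URLs (other schemes now get 403 Forbidden).`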
17 changes: 11 additions & 6 deletions app/web/fileretriever.php
@@ -51,14 +51,19 @@ function getFilename($id) {
'header' => "Accept: application/json\r\n"
)
));
$body = file_get_contents($url, false, $context);
if ($body != false) {
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-type: application/json');
echo $body;
if (preg_match('/^https?:\/\//', $url)) { // only allow to fetch http:// and https:// urls
$body = file_get_contents($url, false, $context);
if ($body != false) {
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-type: application/json');
echo $body;
}
else {
header('HTTP/1.1 404 Not Found');
}
}
else {
header('HTTP/1.1 404 Not Found');
header('HTTP/1.1 403 Forbidden');
}
}
else if (isset($_GET['id'])) {
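Review bot: the new `preg_match('/^https?:\/\//', $url)` check constrains only the scheme, not the destination, so `file_get_contents` will still fetch from any `http(s)://` host the server itself can reach, including loopback and internal addresses; before this ships as the security fix, consider validating the host of the URL against an allowlist (or at least rejecting loopback and private ranges) and adding a timeout to the stream context. Two smaller points in the same block: `if ($body != false)` is a loose comparison, so a successful fetch whose body is `""` or `"0"` lands in the 404 branch; use `if ($body !== false)`. And `parse_url($url, PHP_URL_SCHEME)` compared against `http`/`https` would be clearer than the regex and easier to extend with a host check later.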
2 changes: 1 addition & 1 deletion bower.json
@@ -1,6 +1,6 @@
{
"name": "jsoneditor",
"version": "2.3.0-SNAPSHOT",
"version": "2.2.2-SNAPSHOT",
"description": "A web-based tool to view, edit and format JSON",
"tags": [
"json",
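Review bot: this moves the version string backwards from 2.3.0-SNAPSHOT to 2.2.2-SNAPSHOT; if the intent is to cut a 2.2.2 patch release carrying the security fix, that is reasonable, but the commit message should say so, and the value must be kept identical to the one in package.json.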
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "jsoneditor",
"version": "2.3.0-SNAPSHOT",
"version": "2.2.2-SNAPSHOT",
"description": "A web-based tool to view, edit and format JSON",
"tags": [
"json",
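Review bot: same version change as in bower.json, so the two manifests agree on 2.2.2-SNAPSHOT, which is good; consider doing version bumps in a dedicated release commit so the security fix itself stays a minimal diff that can be cherry-picked onto other branches.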