On Wed, Sep 29, 2010 at 03:35:24PM +0200, Manuel Tortosa wrote:
> > This introduces a remote file inclusion vulnerability allowing an
> > attacker to read arbitrary files since "$pkgbuild" is not validated
> > before passing it to file_get_contents().
> >
> > Don't apply this patch until everything is fixed, please.
> Thanks for your suggestions, I added them all to CCR ;)

Btw, this is still not fixed! Have a look at [1]. You should consider
using basename(), realpath() and/or regexp to check the PKGBUILD path.
Also check [2], [3].

[1] http://mailman.archlinux.org/pipermail/aur-dev/2010-September/001268.html
[2] http://www.madirish.net/?article=427
[3] http://www.acunetix.com/websitesecurity/php-security-3.htm
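The check suggested above (basename(), realpath() and a regexp on the PKGBUILD path), shown as an added example. This is not CCR or AUR code and none of the function or directory names are from the project: it assumes a hypothetical layout of $baseDir/<pkgname>/PKGBUILD and a hypothetical package-name character set, and contrasts the unchecked file_get_contents() call with a confined one.

```php
<?php
// Added example, not CCR/AUR code. Assumed layout: $baseDir/<pkgname>/PKGBUILD.
// The package-name pattern is an assumption chosen for this demo.

// Unchecked pattern: whatever arrives in the request reaches file_get_contents().
// "../../etc/passwd" (or a URL, if allow_url_fopen is on) is accepted as-is.
function read_pkgbuild_unchecked(string $baseDir, string $pkgbuild)
{
    return file_get_contents($baseDir . '/' . $pkgbuild);
}

// Confined version: whitelist the name, strip any directory part, resolve the
// real path and refuse anything that does not stay under $baseDir.
function read_pkgbuild_checked(string $baseDir, string $pkgname): ?string
{
    // 1. Regexp whitelist: must start with a letter/digit, so "." and ".." and
    //    anything containing "/" or ":" (URLs) are rejected before any I/O.
    if (!preg_match('/^[a-z0-9][a-z0-9@._+-]*$/', $pkgname)) {
        return null;
    }

    // 2. basename() as belt-and-braces: drops any directory component even if
    //    the pattern above is later relaxed.
    $pkgname = basename($pkgname);

    // 3. realpath() canonicalises both sides (follows symlinks, removes ".."),
    //    then the prefix check confines the result to $baseDir. realpath()
    //    returns false for a missing file, which we treat as "not found".
    $base = realpath($baseDir);
    $path = realpath($base . '/' . $pkgname . '/PKGBUILD');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Demo on a constructed temporary tree (constructed sample data).
$root = sys_get_temp_dir() . '/pkgbuild-demo-' . getmypid();
mkdir("$root/repo/foo", 0700, true);
file_put_contents("$root/repo/foo/PKGBUILD", "pkgname=foo\npkgver=1.0\n");
file_put_contents("$root/secret.txt", "not a PKGBUILD\n");

var_dump(read_pkgbuild_unchecked("$root/repo", '../secret.txt')); // leaks secret.txt
var_dump(read_pkgbuild_checked("$root/repo", '../secret.txt'));   // NULL: rejected by regexp
var_dump(read_pkgbuild_checked("$root/repo", 'foo/../../secret.txt')); // NULL: rejected
var_dump(read_pkgbuild_checked("$root/repo", 'foo'));             // "pkgname=foo\npkgver=1.0\n"

// Cleanup of the demo tree.
unlink("$root/repo/foo/PKGBUILD");
rmdir("$root/repo/foo");
rmdir("$root/repo");
unlink("$root/secret.txt");
rmdir($root);
```

The regexp alone already stops the traversal; basename() and the realpath() prefix comparison are kept so that a later relaxation of the pattern, or a symlink planted inside the repository directory, still cannot point file_get_contents() outside the base directory.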