You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When configuring multiple allowed directories, they are not validated correctly.
The problem is that in the ./classes/logstreamdisk.class.php the function Verify() has a very little problem. When looking for the string $szFileDirName in $szAllowedDir it will never work with more than 1 allowed directory configured with the way this function is called because the separator comma is in $szAllowedDir. Simply by reversing the strings it will work. Because now you are looking for the string $szAllowedDir (with comma) in string $szFileDirName (without comma). When reversing it the haystack becomes $szAllowedDir (with comma) and the needle is $szFileDirName (without comma). Using the argument names found on http://php.net/manual/en/function.strpos.php to clarify a bit.
LogAnalyzer v4.5.1 runs on NginX with php7.0-fpm.
Hopefully this wil help,
Kind regards,
Bart
public function Verify()
Problem: if ( strpos( $szFileDirName, $szAllowedDir ) !== FALSE ){
Correction: if ( strpos( $szAllowedDir, $szFileDirName ) !== FALSE ){
The text was updated successfully, but these errors were encountered:
Dear,
When configuring multiple allowed directories, they are not validated correctly.
The problem is that in the ./classes/logstreamdisk.class.php the function Verify() has a very little problem. When looking for the string $szFileDirName in $szAllowedDir it will never work with more than 1 allowed directory configured with the way this function is called because the separator comma is in $szAllowedDir. Simply by reversing the strings it will work. Because now you are looking for the string $szAllowedDir (with comma) in string $szFileDirName (without comma). When reversing it the haystack becomes $szAllowedDir (with comma) and the needle is $szFileDirName (without comma). Using the argument names found on http://php.net/manual/en/function.strpos.php to clarify a bit.
LogAnalyzer v4.5.1 runs on NginX with php7.0-fpm.
Hopefully this wil help,
Kind regards,
Bart
public function Verify()Problem:
if ( strpos( $szFileDirName, $szAllowedDir ) !== FALSE ){Correction:
if ( strpos( $szAllowedDir, $szFileDirName ) !== FALSE ){The text was updated successfully, but these errors were encountered: