diff options
| author | jim-p <jimp@netgate.com> | 2019-05-24 15:47:43 -0400 |
|---|---|---|
| committer | jim-p <jimp@netgate.com> | 2019-05-24 15:49:55 -0400 |
| commit | f8560a14e9fb41631a51dce552a0342a84d5b1f6 (patch) | |
| tree | 87725e33fb28c23e1c8eff8c4a6372847da4d792 | |
| parent | 00680d36ef089c0544a057c851074d76bc81bb85 (diff) | |
| download | pfsense-f8560a14e9fb41631a51dce552a0342a84d5b1f6.zip pfsense-f8560a14e9fb41631a51dce552a0342a84d5b1f6.tar.gz | |
Privilege matching -- allow JS anchors. Fixes #9550
Attempts to detect a special case where a file does not actually
exist, and yet should be allowed since it is used by JavaScript.
So long as the anchor name doesn't contain any characters that might let
it evade other checks, allow it through.
(cherry picked from commit bdbd8534eef5b93370065340de225a1cd5e5faa8)
| -rw-r--r-- | src/etc/inc/auth_func.inc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/etc/inc/auth_func.inc b/src/etc/inc/auth_func.inc index 795ccdb..e142e4f 100644 --- a/src/etc/inc/auth_func.inc +++ b/src/etc/inc/auth_func.inc @@ -42,6 +42,16 @@ function cmp_page_matches($page, & $matches, $fullwc = true) { $file = realpath( $g['www_path'] . '/' . ltrim($file, '/')); if (empty($file)) { /* File does not exist, or other path shenanigans */ + + /* Some tabs are just JS anchors, detect this case. */ + if ((substr($page, 0, 1) == "#") && + (strpos($page, '.') === false) && + (strpos($page, '/') === false) && + (strpos($page, '?') === false)) { + return true; + } + + /* Tried to query a path that does not exist */ return false; } $page = str_replace($g['www_path'] . '/', '', $file); |
