BUG FSCounter: Anonymous can clean up counter file
Hi,

if using FSCounter it's possible for user Anonymous to clean up the counter's file with an easy:

http://yourdomain.de/counterobject/write/count=crashme

Now the counter file on server's filesystem is empty and FSCounter's "read" method breaks with "ValueError: invalid literal for int()".

On most websites FSCounter instances are just called "counter" or "Counter" and placed in the root folder. So it's a second to reset the counter and in some cases this crashes the front site too if the counter object is called without a dtml-try tag.

a short fix:

change write method to:

    def write(self):
        ''' increment file '''
        # fixed increment; the value no longer comes from the request
        count = 1
        value = self.read()
        outfile = open(str(Globals.data_dir) + os.sep + str(self.filename), 'wb')
        outfile.write(str(value + count))
        outfile.close()
        return int(value + count)

and increase method to:

    def increase(self, REQUEST=None):
        ''' increase '''
        return self.write()

Bye
Marcus

--
,----  [ Marcus Schopen ]
| (0>
| //\         P.O. Box 10 25 25
| V_/_        33525 Bielefeld
|             Germany
`----
__________________________________________________
Petition for a Software Patent Free Europe http://petition.eurolinux.org
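The failure mode described in the report (a request-controlled increment added after the counter file has already been truncated) next to a hardened counter, as an added Python example that is neither the report's patch nor the FSCounter product's own code. The class, file layout and the `write_unsafe` reconstruction are assumptions modelled on the description; `increase` shows the defensive version: fixed increment, tolerant `read`, and a temp-file-plus-rename so a failed write can never leave an empty file behind.

```python
import os
import tempfile

class FSCounter:
    """Hypothetical file-backed hit counter; not the Zope product's code."""
    def __init__(self, path):
        self.path = path

    def read(self):
        # Tolerate a missing, empty or corrupt file instead of raising ValueError.
        try:
            with open(self.path) as f:
                return int(f.read().strip() or 0)
        except (FileNotFoundError, ValueError):
            return 0

    def write_unsafe(self, count=1):
        # Pattern the report describes: truncate, then add a caller-supplied
        # count. A non-numeric count raises AFTER the file is already empty.
        value = self.read()
        outfile = open(self.path, "w")      # counter file is now empty
        outfile.write(str(value + count))   # TypeError for count="crashme"
        outfile.close()
        return value + count

    def increase(self):
        # Hardened: fixed increment (nothing request-controlled) and an atomic
        # temp-file-plus-rename, so a failed write never leaves an empty file.
        value = self.read() + 1
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        try:
            with os.fdopen(fd, "w") as f:
                f.write(str(value))
            os.replace(tmp, self.path)      # atomic on POSIX
        except BaseException:
            os.unlink(tmp)
            raise
        return value

def demo():
    with tempfile.TemporaryDirectory() as d:
        c = FSCounter(os.path.join(d, "counter"))
        for _ in range(2):
            c.increase()                              # counter is now 2
        try:
            c.write_unsafe("crashme")                 # truncates, then fails
        except TypeError:
            pass
        emptied = os.path.getsize(c.path) == 0
        return {"emptied": emptied, "after": c.increase()}  # read gives 0 -> 1
```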
sorry typo, it's:

http://yourdomain.de/counterobject/write?count=crashme
Hmm good point. I'll try to get out a new release, thanks.

----- Original Message -----
From: "Marcus Schopen" <marcus.schopen@uni-bielefeld.de>
To: "Marcus Schopen" <marcus.schopen@uni-bielefeld.de>
Cc: <zope@zope.org>
Sent: Tuesday, April 23, 2002 6:25 PM
Subject: Re: [Zope] BUG FSCounter: Anonymous can clean up counter file
participants (2)
- Andy McKay
- Marcus Schopen