From f454d0f4a4e1da344aa87be873ac583f52b42890 Mon Sep 17 00:00:00 2001 From: Michael Foster Date: Tue, 13 Aug 2013 00:07:23 +1000 Subject: [PATCH] Upload via URL: Make sure we're not vulnerable to this buffer overflow exploit. http://www.exploit-db.com/exploits/24487/ --- post.php | 1 + 1 file changed, 1 insertion(+) diff --git a/post.php b/post.php index 6bed96e1..8a8487e8 100644 --- a/post.php +++ b/post.php @@ -295,6 +295,7 @@ if (isset($_POST['delete'])) { curl_setopt($curl, CURLOPT_USERAGENT, 'Tinyboard'); curl_setopt($curl, CURLOPT_BINARYTRANSFER, true); curl_setopt($curl, CURLOPT_FILE, $fp); + curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); if (curl_exec($curl) === false) error($config['error']['nomove']);