alexgheorghiu / diagramo-old
Pure HTML5 (canvas) flowchart software
License: Other
Clicking on the settings icon causes:
Fatal error: Call to a member function settingsGetByKeyNative() on a non-object in D:!!web\diagramo\editor\header.php on line 2
At first I would like to thank you for sharing your source code!
And I would like to ask you about the algorithm for path creation between 2 draggable points. Is it your own algorithm in your solution, or is it from some book or from a page on the internet? I have never seen something like this, and if it is the second case (not your own algorithm), I would like to read a little bit more about this algorithm.
Would you like to give me some link(s) or names for this algorithm?
Thank you again!
As a third bug, the same file directly spits out the request parameter figureID, which allows someone to insert a < script > tag, leading to an XSS attack.
A fourth bug exists in editDiagram.php, which doesn't check that the request param diagramId is an integer. A string can be passed in, and it's passed along from function to function right into Delegate::getMultiple. Finally, addslashes stops the SQL injection fun. By the way, SQLite3 specifically advises against using addslashes (which doesn't work as expected with some multibyte character sets) and to use SQLite3::escapeString instead.
My advice is to be anal about sanitizing user input. I would also use ctype_digit instead of is_numeric as is_numeric will allow passing things like -0123.45e6 where ctype_digit will accept digits only.
Please get back to me so I know these critical security issues have been addressed.
The first allows anyone to download any file on the server that the user running the PHP script has access to (usually www-data, apache, etc). The bug is in getImage.php. The url request parameter is not sanitized, which allows for url like this:
http://example.com/editor/getImage.php?url=../../../etc/passwd
which happily returns the contents of /etc/password. An appropriate number of ../ can be used to access any file.
Similar holes exist in other scripts. svg.php allows the inclusion of any .svg file, and png.php allows the inclusion of any .png file.
The public/private check box doesn't work; diagrams are always public.
Users can see diagrams from other users.
The second bug applies if the userimages directory has been created. This isn't done by default, but if it is, upload.php allows the uploading of any file, including a PHP script:
curl -F "[email protected];filename=blah.php" http://example.com/editor/upload.php
which will return with the filename the attacker needs to call. This should be addressed before the upload of images is enabled.
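The three classes of input-handling problems reported above (unsanitized path in getImage.php/svg.php/png.php, a non-integer diagramId flowing into the SQL layer, and figureID reflected unencoded into the page) have one defensive shape in common: validate or canonicalize the untrusted value before it reaches the file system, the database, or the HTML output. The following is an added example written for this issue, not code from the diagramo project; the base directory, file names and function names are assumptions chosen for the demonstration.

```php
<?php
// Added example, not diagramo's own code. Shows hardened handling for the
// three reported input issues. $baseDir and the sample files are placeholders.

declare(strict_types=1);

/**
 * Resolve a user-supplied relative path against a fixed base directory and
 * refuse anything that escapes it (a "../../../etc/passwd" request resolves
 * outside the base and is rejected). Returns the canonical absolute path,
 * or null if the request is not allowed.
 */
function safeImagePath(string $baseDir, string $requested, array $allowedExt): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // the base directory itself must exist
    }
    // Reject empty input, NUL bytes and absolute paths up front;
    // realpath() below takes care of ".." segments and symlinks.
    if ($requested === '' || strpos($requested, "\0") !== false || $requested[0] === '/') {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null; // missing file, or a path that could not be resolved
    }
    // Containment check: the canonical path must start with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Whitelist the extension so svg.php only serves .svg, png.php only .png, etc.
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    return $candidate;
}

/**
 * Validate a numeric id as the post recommends: ctype_digit() accepts only
 * [0-9]+, whereas is_numeric() also accepts values such as "-0123.45e6".
 * The length cap keeps the value inside a 64-bit integer.
 */
function parseDiagramId($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 18) {
        return null;
    }
    return (int) $raw;
}

/**
 * Output-encode an untrusted value before echoing it into HTML (the figureID
 * reflection). ENT_QUOTES covers both attribute and text contexts.
 */
function htmlEscape(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Demonstration with constructed inputs in a throwaway directory.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'diagramo-images-demo'; // placeholder
@mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'ok.png', 'constructed sample bytes');

$allowed = ['png', 'svg'];
echo "in-tree file:      ", var_export(safeImagePath($baseDir, 'ok.png', $allowed) !== null, true), "\n";
echo "traversal attempt: ", var_export(safeImagePath($baseDir, '../../../etc/passwd', $allowed), true), "\n";
echo "diagramId '42':    ", var_export(parseDiagramId('42'), true), "\n";
echo "diagramId float:   ", var_export(parseDiagramId('-0123.45e6'), true), "\n";
echo "figureID escaped:  ", htmlEscape('<script>alert(1)</script>'), "\n";
```

For the SQL side, the validated integer should still be bound as a parameter rather than interpolated: with the SQLite3 extension that is `$stmt = $db->prepare('... WHERE id = :id'); $stmt->bindValue(':id', $id, SQLITE3_INTEGER);`, which removes the need for addslashes or SQLite3::escapeString on that value altogether.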
All users can see and delete other users, even admin.
Notice: Trying to get property of non-object in C:\Projects\diagramo\web\editor\login.php on line 26