Fix access control bypass vulnerability for non-proxy SVR.JS mods

2023-09-07 18:00:58 +02:00 · 2023-09-07 18:00:58 +02:00 · 2d733b70bf
commit 2d733b70bf
parent 2c93e0fc24
3 changed files with 15 additions and 5 deletions
--- a/config.json
+++ b/config.json
@ -3,7 +3,7 @@
  "port": 80,
  "pubport": 80,
  "page404": "404.html",
-  "timestamp": 1694024561052,
+  "timestamp": 1694099048015,
  "blacklist": [],
  "nonStandardCodes": [],
  "enableCompression": true,
@ -102,4 +102,4 @@
  "errorPages": [],
  "useWebRootServerSideScript": true,
  "exposeModsInErrorPages": true
-}
+}
--- a/svr.js
+++ b/svr.js
@ -3274,9 +3274,19 @@ if (!cluster.isPrimary) {
    function modExecute(mods, ffinals) {
      // Prepare modFunction
      var modFunction = ffinals;
-      for (var i = mods.length - 1; i >= 0; i--) {
-        modFunction = mods[i].callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, modFunction, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData);
+      var useMods = mods;
+      
+      if(isProxy) {
+        // Get list of forward proxy mods
+        useMods = [];
+        mods.forEach(function (mod) {
+          if (mod.proxyCallback !== undefined) useMods.push(mod);
+        });
      }
+      
+      useMods.reverse().forEach(function (modO) {
+        modFunction = modO.callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, modFunction, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData);
+      });

      // Execute modfunction
      modFunction();
--- a/views.txt
+++ b/views.txt
@ -1 +1 @@
-56
+0