Knah-Tsaeb/Minigalnano
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #104 from Aldarone/89-double-dot-in-dir-name

Browse source 
Somewhat more complex protection against directory traversal attacks.
This commit is contained in:
Tom.C. 2015-07-25 16:07:19 +02:00
commit 4abbb3011b
1 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
index.php
View file

@ -137,6 +137,20 @@ function checkpermissions($file) {
} }
} }
function guardAgainstDirectoryTraversal($path) {
/*
* I don't like regexes but this matches
* any attemp of directory traversal I could think of
* without forbidding « .. » in directory names.
*/
$pattern = "/^(.*\/)?(\.\.)(\/.*)?$/";
$directoryTraversal = preg_match($pattern, $path);
if ($directoryTraversal === 1) {
die("ERROR: Could not open " . htmlspecialchars(stripslashes($currentdir)) . " for reading!");
}
}
if (!defined("GALLERY_ROOT")) { if (!defined("GALLERY_ROOT")) {
define("GALLERY_ROOT", ""); define("GALLERY_ROOT", "");
} }
@ -150,10 +164,7 @@ $photoRoot = GALLERY_ROOT . 'photos/';
$thumbdir = rtrim('photos/' . $requestedDir, '/'); $thumbdir = rtrim('photos/' . $requestedDir, '/');
$currentdir = GALLERY_ROOT . $thumbdir; $currentdir = GALLERY_ROOT . $thumbdir;
$thumbdirIsInPhotoRoot = strpos(realpath($thumbdir), realpath($photoRoot)); guardAgainstDirectoryTraversal($currentdir);
if ($thumbdirIsInPhotoRoot === false) {
die("ERROR: Could not open " . htmlspecialchars(stripslashes($currentdir)) . " for reading!");
}
//----------------------- //-----------------------
// READ FILES AND FOLDERS // READ FILES AND FOLDERS