Allow use of « .. » in directory names.
Some people name their directories like this: (2014-09-01..08)+Super+Party, which is a perfectly valid directory name. But the directory traversal protection was a bit too protective and prevented this. Now it checks whether the requested directory is in the gallery directory by comparing their real paths. Fixes sebsauvage/MinigalNano/#89
This commit is contained in:
parent
6a670e1465
commit
950a741cbd
1 changed file with 6 additions and 7 deletions
13
index.php
|
@ -146,16 +146,15 @@ if (!empty($_GET['dir'])) {
|
||||||
$requestedDir = $_GET['dir'];
|
$requestedDir = $_GET['dir'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$photoRoot = GALLERY_ROOT . 'photos/';
|
||||||
$thumbdir = rtrim('photos/' . $requestedDir, '/');
|
$thumbdir = rtrim('photos/' . $requestedDir, '/');
|
||||||
|
|
||||||
//$thumbdir = str_replace('/..', '', $thumbdir); // Prevent directory traversal attacks.
|
|
||||||
if (strstr($thumbdir, '..') !== false) {
|
|
||||||
$requestedDir = '';
|
|
||||||
$thumbdir = rtrim('photos/', '/');
|
|
||||||
}
|
|
||||||
|
|
||||||
$currentdir = GALLERY_ROOT . $thumbdir;
|
$currentdir = GALLERY_ROOT . $thumbdir;
|
||||||
|
|
||||||
|
$thumbdirIsInPhotoRoot = strpos(realpath($thumbdir), realpath($photoRoot));
|
||||||
|
if ($thumbdirIsInPhotoRoot === false) {
|
||||||
|
die("ERROR: Could not open " . htmlspecialchars(stripslashes($currentdir)) . " for reading!");
|
||||||
|
}
|
||||||
|
|
||||||
//-----------------------
|
//-----------------------
|
||||||
// READ FILES AND FOLDERS
|
// READ FILES AND FOLDERS
|
||||||
//-----------------------
|
//-----------------------
|
||||||
|
|
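Review bot: the containment test on the added `$thumbdirIsInPhotoRoot` line is weaker than a prefix check. `strpos(...) !== false` accepts any resolved path that merely contains the photo root somewhere, and because realpath() drops the trailing slash of 'photos/', a sibling directory whose name starts with "photos" (for example a hypothetical `photos_private`) also passes. Suggest requiring position 0 plus a separator, e.g. `$root = realpath($photoRoot); $real = realpath($currentdir);` and then `if ($real === false || ($real !== $root && strpos($real, $root . DIRECTORY_SEPARATOR) !== 0)) { die(...); }`. Two further points in the same hunk: `realpath($thumbdir)` resolves the relative 'photos/...' string against the process working directory while `$photoRoot` is absolute under GALLERY_ROOT, so the two sides are only comparable when the working directory happens to be GALLERY_ROOT; `$currentdir`, computed on the line above, already carries the absolute form. And when the requested directory does not exist, realpath() returns false, so the check relies on strpos() tolerating a false haystack; testing `$real === false` explicitly makes that intent visible and avoids a type warning on newer PHP.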