Somewhat more complex protection against directory traversal attacks.

But hey, we can use symlinks again ! (☞ಠ_ಠ)☞

Really fixes sebsauvage/MinigalNano/#89
This commit is contained in:
Alda Marteau-Hardi 2015-07-24 18:44:08 +02:00
parent 950a741cbd
commit a60233ecab

View file

@ -137,6 +137,20 @@ function checkpermissions($file) {
} }
} }
function guardAgainstDirectoryTraversal($path) {
/*
* I don't like regexes but this matches
* any attemp of directory traversal I could think of
* without forbidding « .. » in directory names.
*/
$pattern = "/^(.*\/)?(\.\.)(\/.*)?$/";
$directoryTraversal = preg_match($pattern, $path);
if ($directoryTraversal === 1) {
die("ERROR: Could not open " . htmlspecialchars(stripslashes($currentdir)) . " for reading!");
}
}
if (!defined("GALLERY_ROOT")) { if (!defined("GALLERY_ROOT")) {
define("GALLERY_ROOT", ""); define("GALLERY_ROOT", "");
} }
@ -150,10 +164,7 @@ $photoRoot = GALLERY_ROOT . 'photos/';
$thumbdir = rtrim('photos/' . $requestedDir, '/'); $thumbdir = rtrim('photos/' . $requestedDir, '/');
$currentdir = GALLERY_ROOT . $thumbdir; $currentdir = GALLERY_ROOT . $thumbdir;
$thumbdirIsInPhotoRoot = strpos(realpath($thumbdir), realpath($photoRoot)); guardAgainstDirectoryTraversal($currentdir);
if ($thumbdirIsInPhotoRoot === false) {
die("ERROR: Could not open " . htmlspecialchars(stripslashes($currentdir)) . " for reading!");
}
//----------------------- //-----------------------
// READ FILES AND FOLDERS // READ FILES AND FOLDERS