Detaint some user inputs to avoid malicious file inclusion
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3483 e3e1d417-86f3-4887-817a-d78f3d33393f
parent
a3ef933f2d
commit
6035ed211a
|
@ -2350,13 +2350,21 @@ function generateConnKey()
|
|||
return( rand( 1, 999999 ) );
|
||||
}
|
||||
|
||||
function detaintPath( $path )
|
||||
{
|
||||
// Remove any absolute paths, or relative ones that want to go up
|
||||
$path = preg_replace( '/\.\.\//', '', $path );
|
||||
$path = preg_replace( '/^\//', '', $path );
|
||||
return( $path );
|
||||
}
|
||||
|
||||
function getSkinFile( $file )
|
||||
{
|
||||
global $skinBase;
|
||||
$skinFile = false;
|
||||
foreach ( $skinBase as $skin )
|
||||
{
|
||||
$tempSkinFile = 'skins'.'/'.$skin.'/'.$file;
|
||||
$tempSkinFile = detaintPath( 'skins'.'/'.$skin.'/'.$file );
|
||||
if ( file_exists( $tempSkinFile ) )
|
||||
$skinFile = $tempSkinFile;
|
||||
}
|
||||
|
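Review bot: The new detaintPath() strips `../` and one leading `/` in a single preg_replace pass, so its output is not idempotent: an input that still contains `../` after one substitution gets through, a doubled leading slash leaves an absolute path behind, and a backslash separator is never touched, although the comment promises that any absolute or upward path is removed. Because getSkinFile() here and getSkinIncludes() in the next hunk hand the result straight to file_exists() and their callers to require_once, the sanitiser should either reject anything outside an allowlist of path segments or, if it has to rewrite, normalise `\` to `/`, refuse NUL bytes, and repeat the substitution until the value stops changing. The rewrite below keeps the commit's stripping contract but runs it to a fixpoint; getSkinFile()'s body continues past the end of the hunk.
```php
function detaintPath( $path )
{
    // A value carrying a NUL byte cannot be a legitimate skin or view name.
    if ( strpos( $path, "\0" ) !== false )
        return( '' );
    // Treat backslashes as separators so '..\' is caught as well.
    $path = str_replace( "\\", '/', $path );
    // Strip '../' and leading '/' until nothing changes: one pass can
    // leave a fresh '../' or '/' behind.
    do
    {
        $clean = preg_replace( '/(\.\.\/|^\/)/', '', $path );
        $changed = ( $clean !== $path );
        $path = $clean;
    } while ( $changed );
    return( $path );
}
```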
@ -2369,7 +2377,7 @@ function getSkinIncludes( $file, $includeBase=false, $asOverride=false )
|
|||
$skinFile = false;
|
||||
foreach ( $skinBase as $skin )
|
||||
{
|
||||
$tempSkinFile = 'skins'.'/'.$skin.'/'.$file;
|
||||
$tempSkinFile = detaintPath( 'skins'.'/'.$skin.'/'.$file );
|
||||
if ( file_exists( $tempSkinFile ) )
|
||||
$skinFile = $tempSkinFile;
|
||||
}
|
||||
|
|
|
@ -97,10 +97,13 @@ require_once( 'includes/lang.php' );
|
|||
require_once( 'includes/functions.php' );
|
||||
|
||||
if ( isset($_REQUEST['view']) )
|
||||
$view = validHtmlStr($_REQUEST['view']);
|
||||
$view = detaintPath($_REQUEST['view']);
|
||||
|
||||
if ( isset($_REQUEST['request']) )
|
||||
$request = detaintPath($_REQUEST['request']);
|
||||
|
||||
if ( isset($_REQUEST['action']) )
|
||||
$action = validHtmlStr($_REQUEST['action']);
|
||||
$action = detaintPath($_REQUEST['action']);
|
||||
|
||||
require_once( 'includes/actions.php' );
|
||||
|
||||
|
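Review bot: Replacing validHtmlStr() with detaintPath() on `$view` and `$action` appears to drop the HTML escaping those values had (the hunk counts suggest the validHtmlStr lines are the removed side), yet `$view` is still interpolated into `Fatal( "View '$view' does not exist" )` in the last hunk and `$request` into `Fatal( "Request '$request' does not exist" )`, so if Fatal() renders into the page the error path now reflects raw request input. The two functions guard different sinks and should be composed rather than swapped, e.g. `$view = detaintPath( validHtmlStr( $_REQUEST['view'] ) );` for each of the three parameters, or the escaping applied at the Fatal() call sites. Since these values only ever name a view, ajax request or action file, a stricter and simpler boundary check is an allowlist right after assignment, e.g. `if ( !preg_match( '/^[a-z0-9_]+$/i', $view ) ) Fatal( "Invalid view" );`, which makes the path stripping unnecessary for this file. The consumers of `$view` and `$action` lie outside this hunk.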
@ -109,13 +112,10 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
|
|||
|
||||
if ( isset( $_REQUEST['request'] ) )
|
||||
{
|
||||
$request = validHtmlStr($_REQUEST['request']);
|
||||
foreach ( getSkinIncludes( 'ajax/'.$request.'.php', true, true ) as $includeFile )
|
||||
{
|
||||
if ( !file_exists( $includeFile ) )
|
||||
{
|
||||
Fatal( "Request '$request' does not exist" );
|
||||
}
|
||||
require_once $includeFile;
|
||||
}
|
||||
return;
|
||||
|
@ -127,9 +127,7 @@ else
|
|||
foreach ( $includeFiles as $includeFile )
|
||||
{
|
||||
if ( !file_exists( $includeFile ) )
|
||||
{
|
||||
Fatal( "View '$view' does not exist" );
|
||||
}
|
||||
require_once $includeFile;
|
||||
}
|
||||
}
|
||||
|
|