Browse Source

Checking includes for valid paths

pull/1912/head
Michael Vogel 6 years ago
parent
commit
3ace2136f0
2 changed files with 40 additions and 3 deletions
  1. +28
    -0
      boot.php
  2. +12
    -3
      include/poller.php

+ 28
- 0
boot.php View File

@ -1893,3 +1893,31 @@ if(!function_exists('exif_imagetype')) {
return($size[2]);
}
}
function validate_include(&$file) {
$orig_file = $file;
$file = realpath($file);
if (strpos($file, getcwd()) !== 0)
return false;
$file = str_replace(getcwd()."/", "", $file, $count);
if ($count != 1)
return false;
if ($orig_file !== $file)
return false;
$valid = false;
if (strpos($file, "include/") === 0)
$valid = true;
if (strpos($file, "addon/") === 0)
$valid = true;
if (!$valid)
return false;
return true;
}

+ 12
- 3
include/poller.php View File

@ -65,8 +65,16 @@ function poller_run(&$argv, &$argc){
$argc = count($argv);
// To-Do: Check for existance
require_once(basename($argv[0]));
// Check for existance and validity of the include file
$include = $argv[0];
if (!validate_include($include)) {
logger("Include file ".$argv[0]." is not valid!");
q("DELETE FROM `workerqueue` WHERE `id` = %d", intval($r[0]["id"]));
continue;
}
require_once($include);
$funcname=str_replace(".php", "", basename($argv[0]))."_run";
@ -77,7 +85,8 @@ function poller_run(&$argv, &$argc){
logger("Process ".getmypid().": ".$funcname." - done");
q("DELETE FROM `workerqueue` WHERE `id` = %d", intval($r[0]["id"]));
}
} else
logger("Function ".$funcname." does not exist");
}
}


Loading…
Cancel
Save