liteFM fixes
This commit is contained in:
parent
b9727fdfa7
commit
751874ea8c
5 changed files with 280 additions and 84 deletions
|
|
@ -24,6 +24,74 @@
|
|||
|
||||
require_once('includes/lib_remote.php');
|
||||
|
||||
function litefm_decode_name_param($value)
|
||||
{
|
||||
return rawurldecode((string)$value);
|
||||
}
|
||||
|
||||
function litefm_escape_html($value)
|
||||
{
|
||||
return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
function litefm_is_valid_path_component($name)
|
||||
{
|
||||
if (!is_string($name) || $name === '' || $name === '.' || $name === '..') {
|
||||
return false;
|
||||
}
|
||||
if (strpos($name, "\0") !== false || strpos($name, '/') !== false || strpos($name, '\\') !== false) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function litefm_normalize_relative_path($relativePath)
|
||||
{
|
||||
$relativePath = str_replace('\\', '/', (string)$relativePath);
|
||||
$relativePath = preg_replace('#/+#', '/', $relativePath);
|
||||
$relativePath = trim($relativePath, '/');
|
||||
if ($relativePath === '') {
|
||||
return '';
|
||||
}
|
||||
if (strpos($relativePath, "\0") !== false) {
|
||||
return false;
|
||||
}
|
||||
if (preg_match('#(^|/)\.{1,2}(/|$)#', $relativePath)) {
|
||||
return false;
|
||||
}
|
||||
foreach (explode('/', $relativePath) as $segment) {
|
||||
if (!litefm_is_valid_path_component($segment)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return $relativePath;
|
||||
}
|
||||
|
||||
function litefm_path_within_home($homePath, $candidatePath)
|
||||
{
|
||||
$homeNorm = str_replace('\\', '/', clean_path((string)$homePath));
|
||||
$candidateNorm = str_replace('\\', '/', clean_path((string)$candidatePath));
|
||||
$homeCmp = strtolower(rtrim($homeNorm, '/'));
|
||||
$candidateCmp = strtolower($candidateNorm);
|
||||
if ($candidateCmp === $homeCmp) {
|
||||
return true;
|
||||
}
|
||||
return strpos($candidateCmp, $homeCmp . '/') === 0;
|
||||
}
|
||||
|
||||
function litefm_safe_join_home_path($homePath, $relativePath)
|
||||
{
|
||||
$normalizedRel = litefm_normalize_relative_path($relativePath);
|
||||
if ($normalizedRel === false) {
|
||||
return false;
|
||||
}
|
||||
$fullPath = clean_path(rtrim((string)$homePath, '/') . '/' . $normalizedRel);
|
||||
if (!litefm_path_within_home($homePath, $fullPath)) {
|
||||
return false;
|
||||
}
|
||||
return $fullPath;
|
||||
}
|
||||
|
||||
function do_progress($kbytes,$totalsize)
|
||||
{
|
||||
if( $totalsize != 0 )
|
||||
|
|
@ -54,7 +122,12 @@ function litefm_check($home_id)
|
|||
{
|
||||
if (isset($_GET['item']) and !isset($_GET['upload']) and !isset( $_POST['delete'] ) and !isset( $_POST['create_folder'] ) and !isset( $_POST['secureButton'] ) and !isset( $_POST['delete_check'] ) and !isset( $_POST['secure_check'] ))
|
||||
{
|
||||
$fileName = !empty($_POST['name']) ? urldecode($_POST['name']) : urldecode($_GET['name']);
|
||||
$fileName = !empty($_POST['name']) ? litefm_decode_name_param($_POST['name']) : litefm_decode_name_param(isset($_GET['name']) ? $_GET['name'] : '');
|
||||
if (!litefm_is_valid_path_component($fileName))
|
||||
{
|
||||
print_failure("Path decode failed");
|
||||
return FALSE;
|
||||
}
|
||||
if(isset($_GET['type'])){
|
||||
$type = $_GET['type'];
|
||||
}else{
|
||||
|
|
@ -66,23 +139,29 @@ function litefm_check($home_id)
|
|||
|
||||
$path = $_SESSION['fm_files_'.$home_id][$_GET['item']];
|
||||
if($path == $fileName){
|
||||
// Make sure nobody tries to get outside thier game server by referencing the .. directory
|
||||
if(preg_match("/\/\.\.\/|\||;/", $path))
|
||||
{
|
||||
print_failure(get_lang("unallowed_char"));
|
||||
$_SESSION['fm_cwd_'.$home_id] = NULL;
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
if($type != "file"){
|
||||
$_SESSION['fm_cwd_'.$home_id] = @$_SESSION['fm_cwd_'.$home_id] . "/" . $path;
|
||||
$_SESSION['fm_cwd_'.$home_id] = clean_path($_SESSION['fm_cwd_'.$home_id]);
|
||||
}else{
|
||||
if((isset($_SESSION['fm_cwd_'.$home_id]) and !endsWith($_SESSION['fm_cwd_'.$home_id], $path)) or !isset($_SESSION['fm_cwd_'.$home_id])){
|
||||
$_SESSION['fm_cwd_'.$home_id] = @$_SESSION['fm_cwd_'.$home_id] . "/" . $path;
|
||||
$_SESSION['fm_cwd_'.$home_id] = clean_path($_SESSION['fm_cwd_'.$home_id]);
|
||||
if($type != "file"){
|
||||
$nextPath = trim((string)@$_SESSION['fm_cwd_'.$home_id], '/');
|
||||
$nextPath = $nextPath === '' ? $path : $nextPath . '/' . $path;
|
||||
$normalizedNext = litefm_normalize_relative_path($nextPath);
|
||||
if($normalizedNext === false)
|
||||
{
|
||||
print_failure(get_lang("unallowed_char"));
|
||||
$_SESSION['fm_cwd_'.$home_id] = NULL;
|
||||
return FALSE;
|
||||
}
|
||||
$_SESSION['fm_cwd_'.$home_id] = $normalizedNext;
|
||||
}else{
|
||||
if((isset($_SESSION['fm_cwd_'.$home_id]) and !endsWith($_SESSION['fm_cwd_'.$home_id], $path)) or !isset($_SESSION['fm_cwd_'.$home_id])){
|
||||
$nextPath = trim((string)@$_SESSION['fm_cwd_'.$home_id], '/');
|
||||
$nextPath = $nextPath === '' ? $path : $nextPath . '/' . $path;
|
||||
$normalizedNext = litefm_normalize_relative_path($nextPath);
|
||||
if($normalizedNext === false)
|
||||
{
|
||||
print_failure(get_lang("unallowed_char"));
|
||||
$_SESSION['fm_cwd_'.$home_id] = NULL;
|
||||
return FALSE;
|
||||
}
|
||||
$_SESSION['fm_cwd_'.$home_id] = $normalizedNext;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue