check extension and path traversal
This commit is contained in:
parent
3ab8c4c0a6
commit
d0843a4070
14 changed files with 47 additions and 39 deletions
|
@ -252,6 +252,8 @@ class Plugin {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Returns TRUE if the plugin is installed
|
||||||
|
// This function just check if the database of the plugin is created
|
||||||
public function installed()
|
public function installed()
|
||||||
{
|
{
|
||||||
return file_exists($this->filenameDb);
|
return file_exists($this->filenameDb);
|
||||||
|
@ -271,13 +273,13 @@ class Plugin {
|
||||||
public function post()
|
public function post()
|
||||||
{
|
{
|
||||||
$args = $_POST;
|
$args = $_POST;
|
||||||
foreach ($this->dbFields as $key=>$value) {
|
foreach ($this->dbFields as $field=>$value) {
|
||||||
if (isset($args[$key])) {
|
if (isset($args[$field])) {
|
||||||
$value = Sanitize::html( $args[$key] );
|
$finalValue = Sanitize::html( $args[$field] );
|
||||||
if ($value==='false') { $value = false; }
|
if ($finalValue==='false') { $finalValue = false; }
|
||||||
elseif ($value==='true') { $value = true; }
|
elseif ($finalValue==='true') { $finalValue = true; }
|
||||||
settype($value, gettype($this->dbFields[$key]));
|
settype($finalValue, gettype($value));
|
||||||
$this->db[$key] = $value;
|
$this->db[$field] = $finalValue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $this->save();
|
return $this->save();
|
||||||
|
|
|
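Review bot: `settype($finalValue, gettype($value))` coerces whatever was posted into the default's type without any check, so a non-numeric string sent for an int field silently becomes 0 and, if any `dbFields` default is `null`, `gettype()` yields `'NULL'` and the submitted value is discarded entirely. Since `$args` comes straight from `$_POST`, a type guard before the cast is worth adding for the numeric fields, e.g. `if ((is_int($value) || is_float($value)) && !is_numeric($finalValue)) { continue; }`, and the `null`-default case should be confirmed against the plugins' field declarations, which are outside this hunk. `post()`'s closing lines are also outside the hunk, so where `save()`'s result is used cannot be checked here.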
@ -2,7 +2,7 @@
|
||||||
<ul class="nav flex-column pt-4">
|
<ul class="nav flex-column pt-4">
|
||||||
|
|
||||||
<li class="nav-item mb-4" style="margin-left: -4px;">
|
<li class="nav-item mb-4" style="margin-left: -4px;">
|
||||||
<img src="<?php echo HTML_PATH_ADMIN_THEME ?>img/logo.svg" width="20" height="20" alt="bludit-logo"><span class="ml-2 align-middle"><?php echo (defined('BLUDIT_PRO'))?'BLUDIT PRO':'BLUDIT' ?></span>
|
<img src="<?php echo HTML_PATH_CORE_IMG ?>logo.svg" width="20" height="20" alt="bludit-logo"><span class="ml-2 align-middle"><?php echo (defined('BLUDIT_PRO'))?'BLUDIT PRO':'BLUDIT' ?></span>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
<meta name="generator" content="Bludit">
|
<meta name="generator" content="Bludit">
|
||||||
|
|
||||||
<!-- Favicon -->
|
<!-- Favicon -->
|
||||||
<link rel="shortcut icon" type="image/x-icon" href="<?php echo DOMAIN_ADMIN_THEME.'img/favicon.png?version='.BLUDIT_VERSION ?>">
|
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_CORE_IMG.'favicon.png?version='.BLUDIT_VERSION ?>">
|
||||||
|
|
||||||
<!-- CSS -->
|
<!-- CSS -->
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<meta name="robots" content="noindex,nofollow">
|
<meta name="robots" content="noindex,nofollow">
|
||||||
|
|
||||||
<!-- Favicon -->
|
<!-- Favicon -->
|
||||||
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_ADMIN_THEME.'img/favicon.png?version='.BLUDIT_VERSION ?>">
|
<link rel="shortcut icon" type="image/x-icon" href="<?php echo HTML_PATH_CORE_IMG.'favicon.png?version='.BLUDIT_VERSION ?>">
|
||||||
|
|
||||||
<!-- CSS -->
|
<!-- CSS -->
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -10,7 +10,7 @@ $filename = isset($_POST['filename']) ? $_POST['filename'] : false;
|
||||||
$uuid = empty($_POST['uuid']) ? false : $_POST['uuid'];
|
$uuid = empty($_POST['uuid']) ? false : $_POST['uuid'];
|
||||||
// ----------------------------------------------------------------------------
|
// ----------------------------------------------------------------------------
|
||||||
|
|
||||||
if ($filename==false) {
|
if ($filename===false) {
|
||||||
ajaxResponse(1, 'The filename is empty.');
|
ajaxResponse(1, 'The filename is empty.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
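Review bot: Switching to `if ($filename===false)` means an empty string posted as `filename` now passes a guard whose message says the filename is empty, because the hunk-header line only maps a missing key to `false`; `if ($filename===false || $filename==='')` (or `empty($filename)`, matching the `$uuid` line two lines above) keeps the original intent. What the filename is later used for is outside the hunk; if it is joined onto a directory, it needs the same extension/allow-list and separator checks this commit adds to the profile-picture upload.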
@ -16,12 +16,27 @@ if (!isset($_FILES['profilePictureInputFile'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// File extension
|
// File extension
|
||||||
$fileExtension = pathinfo($_FILES['profilePictureInputFile']['name'], PATHINFO_EXTENSION);
|
$allowedExtensions = array('gif', 'png', 'jpg', 'jpeg', 'svg');
|
||||||
|
$fileExtension = pathinfo($_FILES['profilePictureInputFile']['name'], PATHINFO_EXTENSION);
|
||||||
|
if (!in_array($fileExtension, $allowedExtensions) ) {
|
||||||
|
$message = 'File type is not supported. Allowed types: '.implode(', ',$allowedExtensions);
|
||||||
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
|
ajaxResponse(1, $message);
|
||||||
|
}
|
||||||
|
|
||||||
// Tmp filename
|
// Tmp filename
|
||||||
$tmpFilename = $username.'.'.$fileExtension;
|
$tmpFilename = $username.'.'.$fileExtension;
|
||||||
|
|
||||||
// Final filename
|
// Final filename
|
||||||
$filename = $username.'.png';
|
$filename = $username.'.png';
|
||||||
|
|
||||||
|
// Check path traversal
|
||||||
|
if (Text::stringContains($username, '/', false)) {
|
||||||
|
$message = 'Path traversal detected.';
|
||||||
|
Log::set($message, LOG_TYPE_ERROR);
|
||||||
|
ajaxResponse(1, $message);
|
||||||
|
}
|
||||||
|
|
||||||
// Move from temporary directory to uploads folder
|
// Move from temporary directory to uploads folder
|
||||||
rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename);
|
rename($_FILES['profilePictureInputFile']['tmp_name'], PATH_TMP.$tmpFilename);
|
||||||
|
|
||||||
|
|
|
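Review bot: The traversal check `if (Text::stringContains($username, '/', false))` rejects only the forward slash, yet `$tmpFilename` is concatenated onto `PATH_TMP` and handed to `rename()`, and on Windows `\` is a directory separator as well, so it needs rejecting too — or, more robustly, `$username` should be matched against an allow-list of username characters; `$username` is assigned outside the hunk, so its prior validation cannot be confirmed here. The extension check is case-sensitive and non-strict: `$fileExtension = strtolower(pathinfo($_FILES['profilePictureInputFile']['name'], PATHINFO_EXTENSION));` and `in_array($fileExtension, $allowedExtensions, true)` would accept `.PNG` and compare strictly. `svg` in the allow-list deserves a second look, since SVG can contain active content; the final name `$username.'.png'` suggests a conversion step after this hunk, and that step should be confirmed to rasterise rather than keep the SVG bytes under a `.png` name.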
@ -61,11 +61,6 @@ define('DB_SYSLOG', PATH_DATABASES.'syslog.php');
|
||||||
define('DB_USERS', PATH_DATABASES.'users.php');
|
define('DB_USERS', PATH_DATABASES.'users.php');
|
||||||
define('DB_SECURITY', PATH_DATABASES.'security.php');
|
define('DB_SECURITY', PATH_DATABASES.'security.php');
|
||||||
|
|
||||||
// JSON pretty print
|
|
||||||
if (!defined('JSON_PRETTY_PRINT')) {
|
|
||||||
define('JSON_PRETTY_PRINT', 128);
|
|
||||||
}
|
|
||||||
|
|
||||||
// User environment variables
|
// User environment variables
|
||||||
include(PATH_KERNEL.'boot'.DS.'variables.php');
|
include(PATH_KERNEL.'boot'.DS.'variables.php');
|
||||||
|
|
||||||
|
|
|
@ -54,17 +54,16 @@ function buildPlugins()
|
||||||
global $L;
|
global $L;
|
||||||
global $site;
|
global $site;
|
||||||
|
|
||||||
// List plugins directories
|
|
||||||
$list = Filesystem::listDirectories(PATH_PLUGINS);
|
|
||||||
|
|
||||||
// Get declared clasess BEFORE load plugins clasess
|
// Get declared clasess BEFORE load plugins clasess
|
||||||
$currentDeclaredClasess = get_declared_classes();
|
$currentDeclaredClasess = get_declared_classes();
|
||||||
|
|
||||||
|
// List plugins directories
|
||||||
|
$list = Filesystem::listDirectories(PATH_PLUGINS);
|
||||||
// Load each plugin clasess
|
// Load each plugin clasess
|
||||||
foreach ($list as $pluginPath) {
|
foreach ($list as $pluginPath) {
|
||||||
// Check if the directory has the plugin.php
|
// Check if the directory has the plugin.php
|
||||||
if (file_exists($pluginPath.DS.'plugin.php')) {
|
if (file_exists($pluginPath.DS.'plugin.php')) {
|
||||||
include($pluginPath.DS.'plugin.php');
|
include_once($pluginPath.DS.'plugin.php');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -76,7 +75,7 @@ function buildPlugins()
|
||||||
|
|
||||||
// Check if the plugin is translated
|
// Check if the plugin is translated
|
||||||
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.$site->language().'.json';
|
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.$site->language().'.json';
|
||||||
if( !Sanitize::pathFile($languageFilename) ) {
|
if (!Sanitize::pathFile($languageFilename)) {
|
||||||
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.DEFAULT_LANGUAGE_FILE;
|
$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.DEFAULT_LANGUAGE_FILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -106,6 +105,7 @@ function buildPlugins()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Sort the plugins by the position for the site sidebar
|
||||||
uasort($plugins['siteSidebar'], function ($a, $b) {
|
uasort($plugins['siteSidebar'], function ($a, $b) {
|
||||||
return $a->position()>$b->position();
|
return $a->position()>$b->position();
|
||||||
}
|
}
|
||||||
|
|
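Review bot: The `uasort` comparator `return $a->position()>$b->position();` returns a bool, which gives the sort no "less than" result and is deprecated as a comparison return in PHP 8; `return $a->position() <=> $b->position();` preserves the intended ordering. The new comment above it ("Sort the plugins by the position for the site sidebar") would then describe the code accurately. `buildPlugins()` starts before the first hunk and its `uasort` closing line is the last visible line, so the surrounding control flow is not fully in view.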
3
bl-kernel/css/bootstrap.min.css
vendored
3
bl-kernel/css/bootstrap.min.css
vendored
File diff suppressed because one or more lines are too long
|
@ -30,30 +30,28 @@ class Sanitize {
|
||||||
|
|
||||||
public static function pathFile($path, $file=false)
|
public static function pathFile($path, $file=false)
|
||||||
{
|
{
|
||||||
if($file!==false){
|
if ($file!==false){
|
||||||
$fullPath = $path.$file;
|
$fullPath = $path.$file;
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$fullPath = $path;
|
$fullPath = $path;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
|
// Fix for Windows on paths. eg: $path = c:\diego/page/subpage convert to c:\diego\page\subpages
|
||||||
$fullPath = str_replace('/', DS, $fullPath);
|
$fullPath = str_replace('/', DS, $fullPath);
|
||||||
|
|
||||||
if(CHECK_SYMBOLIC_LINKS) {
|
if (CHECK_SYMBOLIC_LINKS) {
|
||||||
$real = realpath($fullPath);
|
$real = realpath($fullPath);
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$real = file_exists($fullPath)?$fullPath:false;
|
$real = file_exists($fullPath)?$fullPath:false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If $real is FALSE the file does not exist.
|
// If $real is FALSE the file does not exist.
|
||||||
if($real===false) {
|
if ($real===false) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If the $real path does not start with the systemPath then this is Path Traversal.
|
// If the $real path does not start with the systemPath then this is Path Traversal.
|
||||||
if(strpos($fullPath, $real)!==0) {
|
if (strpos($fullPath, $real)!==0) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
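Review bot: The containment test `if (strpos($fullPath, $real)!==0)` compares the requested string with its own resolved form, so it only detects that `$fullPath` was not already canonical; a canonical path outside the intended directory passes, and the comment above it ("does not start with the systemPath") describes a check the code never performs. When `CHECK_SYMBOLIC_LINKS` is off the else branch sets `$real` to `$fullPath` itself, so the test is always satisfied and `..` segments are never rejected in that configuration. The fix is to resolve the base `$path` and the file separately with `realpath()` and require the file to start with the base, as below; when `$file` is false (as in the single-argument call `Sanitize::pathFile($languageFilename)` in `buildPlugins()`) there is no base to compare against, so those callers should pass the directory and the relative file separately. The fence drops the `CHECK_SYMBOLIC_LINKS` branch — if that flag exists to permit symlinked files that resolve outside the base, its intent needs confirming against this change. The function's closing lines are outside the hunk.

```php
// … unchanged: $fullPath assembly and '/' → DS normalisation …

// Resolve the requested file. realpath() collapses '..' segments and symlinks;
// the file_exists() fallback left $fullPath untouched, which made the
// containment test below trivially true, so resolution must always happen.
$real = realpath($fullPath);
if ($real===false) {
    return false;
}

// Containment test against the caller's base directory, not against the
// unresolved string: a canonical path outside $path is rejected here.
if ($file!==false) {
    $base = realpath($path);
    if ($base===false || strpos($real, rtrim($base, DS).DS)!==0) {
        return false;
    }
}
// … unchanged: remainder of the function …
```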
3
bl-kernel/js/bootstrap.bundle.min.js
vendored
3
bl-kernel/js/bootstrap.bundle.min.js
vendored
File diff suppressed because one or more lines are too long
|
@ -105,10 +105,10 @@ class Language extends dbJSON {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add keys=>values to the current dicionary
|
// Add keys=>values to the current dicionary
|
||||||
// This method overwrite the key=>value
|
// This method don't overwrite the current value
|
||||||
public function add($array)
|
public function add($array)
|
||||||
{
|
{
|
||||||
$this->db = array_merge($array, $this->db);
|
$this->db = array_merge($this->db, $array);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Returns an array with all dictionaries
|
// Returns an array with all dictionaries
|
||||||
|
|
|
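Review bot: The new comment "This method don't overwrite the current value" contradicts the new code: with string keys, `array_merge($this->db, $array)` lets the later argument win, so values already in `$this->db` are overwritten by `$array` — the opposite of what the comment says (the old pairing was inverted the same way). Either keep the old argument order and fix the comment, or keep the new order and write `// This method overwrites the current value with the one in $array`. If numeric keys can occur, `array_merge` also renumbers them, which is worth a note wherever the dictionary keys are defined.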
@ -88,7 +88,7 @@ class pluginsimpleMDE extends Plugin {
|
||||||
addContentSimpleMDE("!['.$L->get('Image description').']("+filename+")");
|
addContentSimpleMDE("!['.$L->get('Image description').']("+filename+")");
|
||||||
}'.PHP_EOL;
|
}'.PHP_EOL;
|
||||||
|
|
||||||
$html .= '$(document).ready(function() { '.PHP_EOL;
|
//$html .= '$(document).ready(function() { '.PHP_EOL;
|
||||||
$html .= 'simplemde = new SimpleMDE({
|
$html .= 'simplemde = new SimpleMDE({
|
||||||
element: document.getElementById("jseditor"),
|
element: document.getElementById("jseditor"),
|
||||||
status: false,
|
status: false,
|
||||||
|
@ -114,7 +114,7 @@ class pluginsimpleMDE extends Plugin {
|
||||||
title: "'.$L->get('Pagebreak').'",
|
title: "'.$L->get('Pagebreak').'",
|
||||||
}]
|
}]
|
||||||
});';
|
});';
|
||||||
$html .= '}); </script>';
|
$html .= '</script>';
|
||||||
return $html;
|
return $html;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
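Review bot: The line `//$html .= '$(document).ready(function() { '.PHP_EOL;` leaves commented-out code in place of the removed wrapper; since the matching `'}); </script>'` was changed to `'</script>'` in the second hunk, the line should be deleted rather than kept as a comment. Separately, translations such as `$L->get('Pagebreak')` are interpolated into a double-quoted JavaScript string literal, so a translation containing `"` breaks the script; emitting them via `json_encode($L->get('Pagebreak'))` would keep the JS well-formed. The method's opening lines are outside the first hunk.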
@ -583,7 +583,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
<meta name="robots" content="noindex,nofollow">
|
<meta name="robots" content="noindex,nofollow">
|
||||||
|
|
||||||
<!-- Favicon -->
|
<!-- Favicon -->
|
||||||
<link rel="shortcut icon" type="image/x-icon" href="bl-kernel/admin/themes/booty/img/favicon.png?version=<?php echo time() ?>">
|
<link rel="shortcut icon" type="image/x-icon" href="bl-kernel/img/favicon.png?version=<?php echo time() ?>">
|
||||||
|
|
||||||
<!-- CSS -->
|
<!-- CSS -->
|
||||||
<link rel="stylesheet" type="text/css" href="bl-kernel/css/bootstrap.min.css?version=<?php echo time() ?>">
|
<link rel="stylesheet" type="text/css" href="bl-kernel/css/bootstrap.min.css?version=<?php echo time() ?>">
|
||||||
|
|