Fixed issue: [security] Disallowed files can be uploaded in template …
…editor
c-schmitz committed Jun 6, 2016
1 parent 99f1262 commit 8236bbc
Showing 4 changed files with 44 additions and 22 deletions.
2 changes: 1 addition & 1 deletion application/config/config-defaults.php
Expand Up @@ -82,7 +82,7 @@
$config['userideditable'] = 'N'; // Allow editing of user IDs
$config['defaulttemplate'] = 'default'; // This setting specifys the default theme used for the 'public list' of surveys

$config['allowedtemplateuploads'] = 'gif,ico,jpg,png,css,js,map,json,eot,svg,ttf,woff,txt,md'; // File types allowed to be uploaded in the templates section.
$config['allowedtemplateuploads'] = 'gif,ico,jpg,png,css,js,map,json,eot,svg,ttf,woff,txt,md,xml'; // File types allowed to be uploaded in the templates section.

$config['allowedresourcesuploads'] = '7z,aiff,asf,avi,bmp,csv,doc,docx,fla,flv,gif,gz,gzip,ico,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xlsx,xml,zip,pstpl,css,js'; // File types allowed to be uploaded in the resources sections, and with the HTML Editor

44 changes: 33 additions & 11 deletions application/controllers/admin/templates.php
Expand Up @@ -102,6 +102,7 @@ public function upload()
die('No permission');
}

Yii::app()->loadHelper('admin/template');
$lid = returnGlobal('lid');
$action = returnGlobal('action');

Expand All @@ -115,9 +116,14 @@ public function upload()

Yii::app()->loadLibrary('admin.pclzip');

if ($_FILES['the_file']['error']==1 || $_FILES['the_file']['error']==2)
{
Yii::app()->setFlashMessage(sprintf(gT("Sorry, this file is too large. Only files up to %01.2f MB are allowed."), getMaximumFileUploadSize()/1024/1024),'error');
$this->getController()->redirect(array("admin/templates/sa/upload"));
}

$zip = new PclZip($_FILES['the_file']['tmp_name']);

// Create temporary directory so that if dangerous content is unzipped it would be unaccessible
$sNewDirectoryName=sanitize_dirname(pathinfo($_FILES['the_file']['name'], PATHINFO_FILENAME ));
$destdir = Yii::app()->getConfig('usertemplaterootdir').DIRECTORY_SEPARATOR.$sNewDirectoryName;

Expand All @@ -140,35 +146,51 @@ public function upload()

if (is_file($_FILES['the_file']['tmp_name']))
{
$aExtractResult=$zip->extract(PCLZIP_OPT_PATH, $destdir);
$aExtractResult=$zip->extract(PCLZIP_OPT_PATH, $destdir, PCLZIP_CB_PRE_EXTRACT, 'templateExtractFilter');
if ($aExtractResult===0)
{
Yii::app()->user->setFlash('error',gT("This file is not a valid ZIP file archive. Import failed."));
rmdirr($destdir);
$this->getController()->redirect(array("admin/templates/sa/upload"));
}
else
{

// Successfully unpacked
foreach($aExtractResult as $sFile)
{
$aImportedFilesInfo[] = Array(
"filename" => $sFile['stored_filename'],
"status" => gT("OK"),
'is_folder' => $sFile['folder']
);
if ($sFile['status']=='skipped')
{
$aErrorFilesInfo[] = array(
"filename" => $sFile['stored_filename'],
);
}
else
{
$aImportedFilesInfo[] = array(
"filename" => $sFile['stored_filename'],
"status" => gT("OK"),
'is_folder' => $sFile['folder']
);
}
}
if (!Template::checkIfTemplateExists($sNewDirectoryName))
{
Yii::app()->user->setFlash('error',gT("This ZIP archive did not contain a template. Import failed."));
rmdirr($destdir);
$this->getController()->redirect(array("admin/templates/sa/upload"));
}
}

if (count($aErrorFilesInfo) == 0 && count($aImportedFilesInfo) == 0)
if (count($aImportedFilesInfo) == 0)
{
Yii::app()->user->setFlash('error',gT("This ZIP archive contains no valid template files. Import failed."));
$this->getController()->redirect(array("admin/templates/sa/upload"));
}
}
else
{
Yii::app()->user->setFlash('error',sprintf(gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."), $basedestdir));

Yii::app()->user->setFlash('error',sprintf(gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."), Yii::app()->getConfig('usertemplaterootdir')));
rmdirr($destdir);
$this->getController()->redirect(array("admin/templates/sa/upload"));
}

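Review bot: The status test in the new foreach (lines with `if ($sFile['status']=='skipped')`) puts every entry that is not literally "skipped" into $aImportedFilesInfo with a hard-coded status of gT("OK"), but PclZip reports other non-success statuses for an entry (for example 'filtered', or write/path-creation failures), so such entries would be shown to the admin as imported. Inverting the test to `if ($sFile['status'] != 'ok')` and listing everything else under $aErrorFilesInfo reports only entries PclZip actually wrote. The "contains no valid template files" branch redirects without `rmdirr($destdir)`, unlike the three sibling error branches, so if $destdir was created in the lines elided between the hunks it is left behind on that path. templateExtractFilter itself lives in the 'admin/template' helper loaded in the first hunk and is not visible here; since extension filtering alone says nothing about entry paths, it is worth confirming that callback (or PclZip's PCLZIP_OPT_EXTRACT_DIR_RESTRICTION) also keeps entries inside $destdir. upload() begins before the first hunk and continues past the last one.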
18 changes: 9 additions & 9 deletions application/views/admin/templates/importuploaded_view.php
Expand Up @@ -29,35 +29,35 @@
<div class="col-sm-11 col-sm-offset-1 content-right">
<!-- Message box from super admin -->
<div class="jumbotron message-box <?php echo $class;?>">
<h2 ><?php eT("Import template") ?></h2>
<h2 ><?php eT("Import template result:") ?></h2>

<p class='lead <?php echo $statusClass;?>'>
<?php echo $status ?>
</p>

<p>
<strong><u><?php eT("Resources import summary") ?></u></strong><br />
<?php echo gT("Total files imported") . ": $okfiles" ?><br />
<?php echo gT("Total errors") . ": $errfiles" ?><br />
<?php echo gT("Files imported:") . " $okfiles" ?><br />
<?php echo gT("Files skipped:") . " $errfiles" ?><br />
</p>
<p>
<?php
if (count($aImportedFilesInfo) > 0)
{
?>
<br /><strong><u><?php eT("Imported Files List") ?>:</u></strong><br />
<br /><strong><u><?php eT("Imported files:") ?></u></strong><br />
<ul style="max-height: 250px; overflow-y:scroll;" class="list-unstyled">
<?php
foreach ($aImportedFilesInfo as $entry)
{
if ($entry['is_folder']){
?>
<li><?php echo gT("Folder") . ": " . htmlspecialchars($entry["filename"],ENT_QUOTES,'utf-8'); ?></li>
<li><?php echo gT("Folder:") . " " . htmlspecialchars($entry["filename"],ENT_QUOTES,'utf-8'); ?></li>
<?php
}
else
{ ?>
<li><?php echo gT("File") . ": " . htmlspecialchars($entry["filename"],ENT_QUOTES,'utf-8'); ?></li>
<li><?php echo gT("File:") . " " . htmlspecialchars($entry["filename"],ENT_QUOTES,'utf-8'); ?></li>


<?php
Expand All @@ -68,13 +68,13 @@
{
?>
</ul>
<br /><strong><u><?php eT("Error files list") ?>:</u></strong><br />
<ul class="list-unstyled">
<br /><strong><u><?php eT("Skipped files:") ?></u></strong><br />
<ul style="max-height: 250px; overflow-y:scroll;" class="list-unstyled">
<?php
foreach ($aErrorFilesInfo as $entry)
{
?>
<li><?php echo gT("File") . ": " . $entry["filename"] ?></li>
<li><?php echo gT("File:") . " " . $entry["filename"] ?></li>
<?php
}
}
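Review bot: In the skipped-files loop the new line `<li><?php echo gT("File:") . " " . $entry["filename"] ?></li>` still echoes the filename raw, while the imported-files loop above wraps the same value in htmlspecialchars(). Skipped names come straight from the archive's stored_filename, so they are attacker-chosen text rendered into the admin page. Escape it the same way: `<li><?php echo gT("File:") . " " . htmlspecialchars($entry["filename"],ENT_QUOTES,'utf-8') ?></li>`.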
Expand Up @@ -243,7 +243,7 @@ function copyprompt(text, defvalue, copydirectory, action)
<input type='hidden' name='action' value='templateupload' />
<div class="form-group">
<label for='the_file'><?php eT("Select template ZIP file:") ?></label>
<input id='the_file' name='the_file' type="file" />
<input id='the_file' name='the_file' type="file" accept='.zip' />
<?php printf(gT('(Maximum file size: %01.2f MB)'),getMaximumFileUploadSize()/1024/1024); ?>
</div>
</div>
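Review bot: The added `accept='.zip'` on the file input is only a browser-side picker hint and is trivially bypassed, so it must not be read as a control; the server-side check that the upload is a parseable ZIP remains the one that matters. A short comment next to the input, `<!-- accept is a UI hint only; the ZIP is validated server-side on extract -->`, would keep a later maintainer from treating it as validation. The enclosing form starts before this hunk.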
