

Dev: [security] #14753: No control on attachments email files second …
…part

Dev: for notification + register + confirmation
Dev: use DIRECTORY_SEPARATOR? Is it needed?
Dev: don't throw an exception for the public part (to be confirmed)
Shnoulle committed Apr 8, 2019
1 parent 0c04bc6 commit b3d1ec8
Showing 3 changed files with 8 additions and 7 deletions.
7 changes: 4 additions & 3 deletions application/controllers/RegisterController.php
Expand Up @@ -339,10 +339,11 @@ public function sendRegistrationEmail($iSurveyId, $iTokenId)
if (!empty($aAttachments)) {
if (isset($aAttachments['registration'])) {
LimeExpressionManager::singleton()->loadTokenInformation($aSurveyInfo['sid'], $sToken);

foreach ($aAttachments['registration'] as $aAttachment) {
if (LimeExpressionManager::singleton()->ProcessRelevance($aAttachment['relevance'])) {
$aRelevantAttachments[] = $aAttachment['url'];
if(Yii::app()->is_file($aAttachment['url'],Yii::app()->getConfig('uploaddir').DIRECTORY_SEPARATOR."surveys".DIRECTORY_SEPARATOR.$iSurveyId,false)) {
if (LimeExpressionManager::singleton()->ProcessRelevance($aAttachment['relevance'])) {
$aRelevantAttachments[] = $aAttachment['url'];
}
}
}
}
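Review bot: The allowed base directory in the new is_file call is built from `$iSurveyId` with no visible cast, so the containment check is only as strong as whatever validation that parameter received earlier in sendRegistrationEmail, which starts outside the hunk. Unless it is already an integer by that point, `(int) $iSurveyId` in the concatenation would pin the directory regardless of how the value arrived; the same applies to `$iSurveyId` in tokens.php email() and to `$surveyid` in the three frontend_helper.php hunks. An attachment rejected by is_file is now dropped silently, which a survey administrator will only see as a mail with a missing file; a log line in an else branch, for example `Yii::log("Attachment {$aAttachment['url']} skipped: not inside the survey upload directory", 'warning');`, would make the rejection visible.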
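--- a/application/controllers/admin/tokens.php
+++ b/application/controllers/admin/tokens.php
@@ -1427,7 +1427,7 @@ public function email($iSurveyId)
 if (isset($aAttachments[$sTemplate])) {
 LimeExpressionManager::singleton()->loadTokenInformation($aData['thissurvey']['sid'], $emrow['token']);
 foreach ($aAttachments[$sTemplate] as $aAttachment) {
-if(Yii::app()->is_file($aAttachment['url'],Yii::app()->getConfig('uploaddir')."/surveys/{$iSurveyId}")) {
+if(Yii::app()->is_file($aAttachment['url'],Yii::app()->getConfig('uploaddir').DIRECTORY_SEPARATOR."surveys".DIRECTORY_SEPARATOR.$iSurveyId)) {
 if (LimeExpressionManager::singleton()->ProcessRelevance($aAttachment['relevance'])) {
 $aRelevantAttachments[] = $aAttachment['url'];
 }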
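Review bot: The admin call on the is_file line omits the third argument that every public-side call in this commit passes as `false`, and the description itself marks the exception behaviour as unconfirmed. If the default means is_file throws for a file outside the survey upload directory, a bulk send from email() could abort part-way through the token loop on a single bad attachment rather than skipping it; either pass `false` here as well, or add a comment at the call explaining why the admin path is meant to throw. The enclosing email() method starts and ends outside the hunk.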
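--- a/application/helpers/frontend_helper.php
+++ b/application/helpers/frontend_helper.php
@@ -486,7 +486,7 @@ function submittokens($quotaexit = false)
 foreach ($aAttachments['confirmation'] as $aAttachment) {
 $relevance = $aAttachment['relevance'];
 // If the attachment is relevant it will be added to the mail.
-if (LimeExpressionManager::ProcessRelevance($relevance) && file_exists($aAttachment['url'])) {
+if (LimeExpressionManager::ProcessRelevance($relevance) && Yii::app()->is_file($aAttachment['url'],Yii::app()->getConfig('uploaddir').DIRECTORY_SEPARATOR."surveys".DIRECTORY_SEPARATOR.$surveyid,false)) {
 $aRelevantAttachments[] = $aAttachment['url'];
 }
 }
@@ -623,7 +623,7 @@ function sendSubmitNotifications($surveyid)
 foreach ($aAttachments['admin_notification'] as $aAttachment) {
 $relevance = $aAttachment['relevance'];
 // If the attachment is relevant it will be added to the mail.
-if (LimeExpressionManager::ProcessRelevance($relevance) && file_exists($aAttachment['url'])) {
+if (LimeExpressionManager::ProcessRelevance($relevance) && Yii::app()->is_file($aAttachment['url'],Yii::app()->getConfig('uploaddir').DIRECTORY_SEPARATOR."surveys".DIRECTORY_SEPARATOR.$surveyid,false)) {
 $aRelevantAttachments[] = $aAttachment['url'];
 }
 }
@@ -651,7 +651,7 @@ function sendSubmitNotifications($surveyid)
 foreach ($aAttachments['detailed_admin_notification'] as $aAttachment) {
 $relevance = $aAttachment['relevance'];
 // If the attachment is relevant it will be added to the mail.
-if (LimeExpressionManager::ProcessRelevance($relevance) && file_exists($aAttachment['url'])) {
+if (LimeExpressionManager::ProcessRelevance($relevance) && Yii::app()->is_file($aAttachment['url'],Yii::app()->getConfig('uploaddir').DIRECTORY_SEPARATOR."surveys".DIRECTORY_SEPARATOR.$surveyid,false)) {
 $aRelevantAttachments[] = $aAttachment['url'];
 }
 }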
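Review bot: The directory expression `Yii::app()->getConfig('uploaddir').DIRECTORY_SEPARATOR."surveys".DIRECTORY_SEPARATOR.$surveyid` is repeated verbatim in all three hunks (submittokens and twice in sendSubmitNotifications), rebuilt on every loop iteration inside an already long condition. Computing it once before each foreach, `$sAttachmentDir = Yii::app()->getConfig('uploaddir') . DIRECTORY_SEPARATOR . 'surveys' . DIRECTORY_SEPARATOR . $surveyid;`, and writing the condition as `if (LimeExpressionManager::ProcessRelevance($relevance) && Yii::app()->is_file($aAttachment['url'], $sAttachmentDir, false)) {` keeps the three checks identical and easier to audit. The existing comment above each condition still says only that relevance decides the attachment; extending it to note that the file must also lie inside the survey's upload directory would document the intent of the change. Both enclosing functions continue outside the hunks.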
