

Fix directory traversal of .ctp files
chinpei215 committed Nov 27, 2016
1 parent 02df9ff commit 74c2ded
Showing 3 changed files with 26 additions and 1 deletion.
6 changes: 5 additions & 1 deletion app/Controller/PagesController.php
Expand Up @@ -41,8 +41,9 @@ class PagesController extends AppController {
* Displays a view
*
* @return void
* @throws ForbiddenException When a directory traversal attempt.
* @throws NotFoundException When the view file could not be found
* or MissingViewException in debug mode.
* or MissingViewException in debug mode.
*/
public function display() {
$path = func_get_args();
Expand All @@ -51,6 +52,9 @@ public function display() {
if (!$count) {
return $this->redirect('/');
}
if (in_array('..', $path, true) || in_array('.', $path, true)) {
throw new ForbiddenException();
}
$page = $subpage = $title_for_layout = null;

if (!empty($path[0])) {
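Review bot: The guard added just before `$page = $subpage = $title_for_layout = null;` rejects only whole segments that equal `..` or `.`, so a segment that itself contains a directory separator (for example `'..' . DS . 'Posts'`, which is possible when `display()` is invoked directly with arguments, as the new test does) is not rejected here. Whether the router can ever hand such a segment to `display()` is not visible in this hunk, but a separator check next to the existing one closes the gap regardless of the caller: `if (in_array('..', $path, true) || in_array('.', $path, true) || preg_grep('#[/\\\\]#', $path)) {`. The new docblock line is grammatically incomplete and would read better as `@throws ForbiddenException When a directory traversal is attempted.`. Both points apply equally to the second PagesController hunk below (the copy whose file header is not shown on this page). `display()` continues past the end of the hunk.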
Expand Up @@ -32,6 +32,7 @@ class PagesController extends AppController {
* Displays a view
*
* @return void
* @throws ForbiddenException When a directory traversal attempt.
* @throws NotFoundException When the view file could not be found
* or MissingViewException in debug mode.
*/
Expand All @@ -42,6 +43,9 @@ public function display() {
if (!$count) {
return $this->redirect('/');
}
if (in_array('..', $path, true) || in_array('.', $path, true)) {
throw new ForbiddenException();
}
$page = $subpage = $title_for_layout = null;

if (!empty($path[0])) {
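--- a/lib/Cake/Test/Case/Controller/PagesControllerTest.php
+++ b/lib/Cake/Test/Case/Controller/PagesControllerTest.php
@@ -75,4 +75,21 @@ public function testMissingViewInDebug() {
 $Pages = new PagesController(new CakeRequest(null, false), new CakeResponse());
 $Pages->display('non_existing_page');
 }
+
+/**
+* Test directory traversal protection
+*
+* @expectedException ForbiddenException
+* @expectedExceptionCode 403
+* @return void
+*/
+public function testDirectoryTraversalProtection() {
+App::build(array(
+'View' => array(
+CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS
+)
+));
+$Pages = new PagesController(new CakeRequest(null, false), new CakeResponse());
+$Pages->display('..', 'Posts', 'index');
+}
 }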
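Review bot: `testDirectoryTraversalProtection` exercises only `..` in the first argument, so the `.` half of the new `||` guard and a `..` appearing in a later position are not covered even though the controller checks every segment of `$path`. A second test per uncovered case keeps both branches pinned; the one below covers `.` in a later segment, and a sibling with `$Pages->display('Posts', '..', 'index')` covers the other. Whether the `App::build()` call is needed for the exception to be raised before view lookup is not visible here, so it is kept for parity with the existing test.
```php
	/**
	 * Test that a single-dot segment in a later position is also rejected
	 *
	 * @expectedException ForbiddenException
	 * @expectedExceptionCode 403
	 * @return void
	 */
	public function testDirectoryTraversalProtectionDotSegment() {
		// … same App::build() call as testDirectoryTraversalProtection …
		$Pages = new PagesController(new CakeRequest(null, false), new CakeResponse());
		$Pages->display('Posts', '.', 'index');
	}
```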
