Update ext.php to serve any file from extensions
Add an extension->getFileUrl() method to facilitate url generation
marienfressinaud committed Dec 4, 2014
1 parent 0316bad commit f9b0377
Showing 2 changed files with 42 additions and 18 deletions.
23 changes: 23 additions & 0 deletions lib/Minz/Extension.php
Expand Up @@ -75,6 +75,9 @@ public function getName() {
public function getEntrypoint() {
return $this->entrypoint;
}
public function getPath() {
return $this->path;
}
public function getAuthor() {
return $this->author;
}
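Review bot: getPath() is added without a docblock and returns the raw server-side filesystem path of the extension; since the same commit also derives URL components from that path in getFileUrl(), a one-line comment stating that the value is an absolute local path (not something to emit to clients verbatim) would prevent the accessor from being reused as a URL source later.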
Expand All @@ -93,4 +96,24 @@ private function setType($type) {
}
$this->type = $type;
}

/**
* Return the url for a given file.
*
* @param $filename name of the file to serve.
* @param $type the type (js or css) of the file to serve.
* @return the url corresponding to the file.
*/
public function getFileUrl($filename, $type) {
$dir = end(explode('/', $this->path));
$file_name_url = urlencode($dir . '/' . $filename);

$absolute_path = $this->path . '/' . $filename;
$mtime = @filemtime($absolute_path);

$url = '/ext.php?f=' . $file_name_url .
'&t=' . $type .
'&' . $mtime;
return Minz_Url::display($url);
}
}
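Review bot: `$dir = end(explode('/', $this->path));` passes a function result to end(), which takes its argument by reference and raises an "Only variables should be passed by reference" notice; `basename($this->path)` yields the same directory name without the warning. In the query string, `$type` is concatenated unencoded and the cache-buster is appended as a bare `'&' . $mtime` with no parameter name, so when `@filemtime` fails the URL simply ends in `&`; give the timestamp a key (for example `&m=`), and either urlencode() `$type` or restrict it here to the two values p/ext.php actually accepts (`js` and `css`). The docblock should also state that `$filename` is expected to be a plain file name inside the extension directory, since the method does nothing to enforce that.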
37 changes: 19 additions & 18 deletions p/ext.php
@@ -1,38 +1,39 @@
<?php
if (!isset($_GET['e'])) {
header('HTTP/1.1 400 Bad Request');
die();
}
$extension = substr($_GET['e'], 0, 64);
if (!ctype_alpha($extension)) {
if (!isset($_GET['f']) ||
!isset($_GET['t'])) {
header('HTTP/1.1 400 Bad Request');
die();
}

require('../constants.php');
$filename = FRESHRSS_PATH . '/extensions/' . $extension . '/';

if (isset($_GET['j'])) {
header('Content-Type: application/javascript; charset=UTF-8');
header('Content-Disposition: inline; filename="script.js"');
$filename .= 'script.js';
} elseif (isset($_GET['c'])) {
$file_name = urldecode($_GET['f']);
$file_type = $_GET['t'];

$absolute_filename = EXTENSIONS_PATH . '/' . $file_name;

@Alkarex

Alkarex Dec 4, 2014

Member

Big security hole here. This gives remote access to any file PHP can read.
$file_name should not be passed in parameter, or if it is really necessary, it should be sanitised very strictly.

@marienfressinaud

marienfressinaud Dec 4, 2014

Author Member

Oh yes, shame on me! >< I will fix it tomorrow

@marienfressinaud

marienfressinaud Dec 5, 2014

Author Member

It should be fixed by a2da70f


switch ($file_type) {
case 'css':
header('Content-Type: text/css; charset=UTF-8');
header('Content-Disposition: inline; filename="style.css"');
$filename .= 'style.css';
} else {
header('Content-Disposition: inline; filename="' . $file_name . '"');
break;
case 'js':
header('Content-Type: application/javascript; charset=UTF-8');
header('Content-Disposition: inline; filename="' . $file_name . '"');
break;
default:
header('HTTP/1.1 400 Bad Request');
die();
}

$mtime = @filemtime($filename);
if ($mtime == false) {
$mtime = @filemtime($absolute_filename);
if ($mtime === false) {
header('HTTP/1.1 404 Not Found');
die();
}

require(LIB_PATH . '/http-conditional.php');

if (!httpConditional($mtime, 604800, 2)) {
readfile($filename);
readfile($absolute_filename);
}
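Review bot: `$absolute_filename = EXTENSIONS_PATH . '/' . $file_name;` builds the path to read from the request-supplied `f` parameter with no validation at all, so `readfile($absolute_filename);` can serve any file the PHP process is able to read, as Alkarex's inline comment points out; the replaced code at least constrained the `e` parameter with `ctype_alpha()` and appended a fixed file name, and this hunk drops that check. Before reading, resolve the candidate with realpath() and refuse it unless the result starts with realpath(EXTENSIONS_PATH) followed by a directory separator, or rebuild the path from a validated extension directory name plus basename() of the requested file, which is the only shape getFileUrl() ever produces. Two smaller points in the same hunk: `$file_name = urldecode($_GET['f']);` decodes a second time (PHP has already decoded query parameters into $_GET), which is unnecessary for the URLs getFileUrl() generates and means any filter applied to the raw parameter could be undone by the decode, so drop the urldecode(); and the unvalidated name is also interpolated into `header('Content-Disposition: inline; filename="' . $file_name . '"');`, where a double quote in the value breaks the header, so emit the sanitised basename there as well. The change from `== false` to `=== false` on the filemtime() result is correct and should stay.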

1 comment on commit f9b0377

@marienfressinaud
Member Author
