
user contributed security fixes thanks to Eric Sesterhenn

1 parent 4df5255 commit 469e108f8b4ddb79d7bf1a3e62063aacad86abe3 @OliverLeitner committed Jan 17, 2014
@@ -11,7 +11,7 @@
$name=$_GET['name'];
$uid=md5($_SERVER['REMOTE_ADDR'].$name); //multi user stuff...
-$source="avconv -re -i '{$file}'";
+$source=escapeshellcmd("avconv -re -i '{$file}'");
$target="tcp://127.0.0.1:6666?pkt_size=650"; //1613
//$presets = "-threads 2";
@@ -26,11 +26,13 @@
$output = "-f flv -r 30 -metadata streamName=".$uid;
+$subtitles = "-c:s copy";
+
$check_cmd = "ps auxf |grep {$uid} |awk '{ print $13}' |grep avconv";
$checked = exec($check_cmd);
//only start encoder if its not already running...
if($checked == ""){
- passthru("{$init} {$source} {$presets} {$audio} {$video} {$output} '{$target}'",$returnval);
+ passthru("{$init} {$source} {$presets} {$audio} {$video} {$subtitles} {$output} '{$target}'",$returnval);
}
?>
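Review bot: escapeshellcmd() on the new `$source` line is the wrong primitive for a value that sits inside single quotes: it escapes shell metacharacters but leaves whitespace and any balanced pair of quotes untouched, so a `$file` value (assigned above this hunk, origin not visible here) that contains a matched pair of single quotes closes the literal and becomes extra avconv arguments when `$source` is interpolated into the passthru() call below. Quote the argument itself instead of the whole command, `$source = "avconv -re -i " . escapeshellarg($file);`. The `$check_cmd` line is fine as written because `$uid` is md5() output and can only contain hex digits. The same escapeshellcmd-inside-quotes pattern recurs in dirEmpty() (`find` call), in the `$cmd_thumb`/`$out_duration_cmd` lines of the index listing, and in player.php's `$cmd_thumb`; the fix is escapeshellarg() per shell word in each of them.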
@@ -83,17 +83,16 @@ function time_ago($timestamp, $recursive = 0)
function dirEmpty($dirname,$allowed){
$has_allowed = FALSE;
$findtype = "";
- $excludedirs = '-not -path "*svn*|*etc*|*root*|*lost+found*|*boot*"';
+ $excludedirs = '-not -path "*svn*|*etc*|*root*|*lost+found*|*boot*|*app*"';
foreach($allowed["video"] AS $key => $ending){
- $findtype .= "-name \*.".$ending." -o ";
+ $findtype .= "-name *.".$ending." -o ";
}
$findtype = rtrim($findtype," -o ");
-
- //we dont run this if were on top of em all...
- if($_GET["dir"] != "/")
- $result = exec("find '".$dirname."' -not -path ".$excludedirs." -type f ".$findtype);
+ //we dont run this if were on top of em all...
+ if($_GET["dir"] != "/")
+ $result = exec("find '".escapeshellcmd($dirname)."' -not -path ".escapeshellcmd($excludedirs)." -type f ".escapeshellcmd($findtype));
if($result != "" || $_GET["dir"] == "/"){
$has_allowed = TRUE;
}
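Review bot: escapeshellcmd() is applied to the two constant fragments `$excludedirs` and `$findtype` as well as to `$dirname`, but only `$dirname` carries request data (the caller builds it from `$item["dir"]`, which is `$_GET['dir']`), and escaping the constants alters them: the backslashes it puts before `*` and `|` inside the double-quoted `-path` pattern are handed through to find unchanged, while `$dirname` sits inside single quotes where escapeshellcmd() leaves a balanced quote pair alone. Quote each shell word with escapeshellarg() and leave the constants unescaped, as in the rewrite below. As far as I can tell the expression also has pre-existing problems the rewrite addresses: `-not -path` appears twice because `$excludedirs` already starts with it, `-path` takes a single glob so the `|`-joined list never matches a normal path, and without parentheses the `-o` chain is not bounded by `-type f`. dirEmpty() continues past the end of the hunk.
```php
$excludedirs = '';
foreach (array('*svn*', '*etc*', '*root*', '*lost+found*', '*boot*', '*app*') as $pattern) {
    $excludedirs .= ' -not -path ' . escapeshellarg($pattern);
}
$findtype = '';
foreach ($allowed["video"] as $key => $ending) {
    $findtype .= ' -o -name ' . escapeshellarg('*.' . $ending);
}
$findtype = substr($findtype, strlen(' -o '));
// … unchanged: top-of-tree check …
$result = exec("find " . escapeshellarg($dirname) . $excludedirs . ' -type f \( ' . $findtype . ' \)');
```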
@@ -33,10 +33,15 @@
$this_script = basename(__FILE__);
$this_folder = $_GET['dir'];
+$this_folder = str_replace("..", "", $this_folder);
+
+//if you have all your files in subfolders relative to the directory that contains this file, please uncomment
+//the following line for further security
+//$this_folder = dirname(__FILE__).$this_folder;
//always root to / if no param given
if(!isset($_GET['dir'])){
- $_GET['dir'] = $this_script."?dir=/";
+ $this_folder = $this_script."?dir=/";
header("Location: ".$this_script."?dir=/");
}
@@ -55,15 +60,15 @@
if ($file != "." && $file != ".." && $file != './' && $file != $this_script)
{
// Get file info.
- $stat = stat($_GET['dir'].$file); // ... slow, but faster than using filemtime() & filesize() instead.
- $info = pathinfo($_GET['dir'].$file);
+ $stat = stat($this_folder.$file); // ... slow, but faster than using filemtime() & filesize() instead.
+ $info = pathinfo($this_folder.$file);
// Organize file info.
- $item['dir'] = $_GET['dir'];
+ $item['dir'] = $this_folder;
- if(is_file($_GET['dir'].$file)){
- $item['name'] = $info['filename'];
+ if(is_file($this_folder.$file)){
+ $item['name'] = $info['filename'];
} else {
- $item['name'] = $info['basename'];
+ $item['name'] = $info['basename'];
}
$item['lname'] = strtolower($info['filename']);
@@ -80,7 +85,7 @@
if(is_file($item['dir'].$item['name'].".".$item['ext']))
{
//filter out all files we do not want to show...
- if(in_array($info['extension'],$include_files))
+ if(in_array($item['ext'],$filetype['video']))
{
array_push($file_list, $item);
}
@@ -124,7 +129,7 @@
$has_files = dirEmpty($item["dir"].$item["name"],$filetype);
if($has_files == TRUE){
$listfolders .= '<tr class="folder">
- <td colspan="3" class="name"><img src="'.$this_script.'?image='.$item['ext'].'" alt="'.$item['ext'].'" /><a href="?dir='.urlencode($item['dir']).urlencode($item['name']).'/">'.$item['name'].'</a></td>
+ <td colspan="3" class="name"><img src="images/folder.png" alt="'.$item['name'].'" /><a href="?dir='.urlencode($item['dir']).urlencode($item['name']).'/">'.$item['name'].'</a></td>
</tr>';
}
}
@@ -136,19 +141,19 @@
//creating thumbnail for the player on player load
$filename = preg_replace("/ /","_",$item['name'].".".$item['ext']);
$dirname = dirname($item['dir'].$item['name'].'.'.$item['ext']);
- $cmd_thumb = "avconv -ss 00:02:00 -t 1 -i '".$item['dir'].$item['name'].".".$item['ext']."' -r 16 -qscale 1 -s 320x240 -f image2 '".$thumbs_dir.$filename."_thumb.png'";
- $out_duration_cmd = "avconv -i '".$item['dir'].$item['name'].".".$item['ext']."' 2>&1 | grep Duration > '".$meta_dir.$filename.".txt'";
+ $cmd_thumb = "avconv -ss 00:02:00 -t 1 -i '".escapeshellcmd($item['dir'].$item['name']).".".escapeshellcmd($item['ext'])."' -r 16 -qscale 1 -s 320x240 -f image2 '".escapeshellcmd($thumbs_dir.$filename)."_thumb.png'";
+ $out_duration_cmd = "avconv -i '".escapeshellcmd($item['dir'].$item['name']).".".escapeshellcmd($item['ext'])."' 2>&1 | grep Duration > '".escapeshellcmd($meta_dir.$filename).".txt'";
if(!file_exists($thumbs_dir.$filename."_thumb.png")){
- exec($cmd_thumb);
+ exec($cmd_thumb);
compress_image($thumbs_dir.$filename."_thumb.png", $thumbs_dir.$filename."_thumb.png", 60);
gzcompress($thumbs_dir.$filename."_thumb.png");
}
if(!file_exists($meta_dir.$filename.".txt")){
exec($out_duration_cmd);
}
- $out_duration = exec("cat ".$meta_dir.$filename.".txt");
+ $out_duration = exec("cat ".escapeshellcmd($meta_dir.$filename).".txt");
$out_duration = str_replace(",","<br />",$out_duration);
- $popup_link = 'popitup(\'player.php?name='.urlencode($item['dir']).urlencode($item['name']).'.'.$item['ext'].'&amp;file='.urlencode($item['name']).'.'.$item['ext'].'&amp;type='.$item['type'].'&t='.mktime().'\')';
+ $popup_link = 'popitup(\'player.php?name='.$item['dir'].$item['name'].'.'.$item['ext'].'&amp;file='.$item['name'].'.'.$item['ext'].'&amp;type='.$item['type'].'&t='.mktime().'\')';
$listfiles .= '<tr class="file">
<td class="thumb"><a href="#'.urlencode($item['name']).'" onclick="'.$popup_link.'"><img src="'.$thumbs_dir.$filename.'_thumb.png" width="200" border="0" /></a></td>
<td class="name" id="'.$item['name'].'"><img src="'.$this_script.'?image='.$item['ext'].'" alt="'.$item['ext'].'" /><a href="#'.urlencode($item['name']).'" onclick="'.$popup_link.'">'.$item['name'].'.'.$item['ext'].'</a><br />'.$out_duration.'</td>
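Review bot: The new `$popup_link` line drops the urlencode() the replaced line applied to `$item['dir']` and `$item['name']`, so a directory or file name containing a quote, `<` or `&` now lands unescaped inside a JavaScript string in an `onclick` attribute, and the surrounding output lines (`id="…"`, the link text, the `alt` in the folder row of the previous hunk) never escaped the name at all. Keep urlencode() on the query parameters and pass the finished `onclick` value through htmlspecialchars() before it goes into the attribute. The escapeshellcmd() wrapping in `$cmd_thumb`, `$out_duration_cmd` and the `cat` call is applied inside single-quoted arguments, where it does not stop a balanced quote pair from splitting the argument; build those arguments with escapeshellarg() and read the cached duration file with file_get_contents() rather than shelling out. The `..` stripping added in this file's first hunk only removes the parent-directory token: `$this_folder` is still passed to stat()/is_file()/dirEmpty() without being anchored under a base directory, and the line that would anchor it is left commented out.
```php
$src = $item['dir'].$item['name'].".".$item['ext'];
$cmd_thumb = "avconv -ss 00:02:00 -t 1 -i ".escapeshellarg($src)." -r 16 -qscale 1 -s 320x240 -f image2 ".escapeshellarg($thumbs_dir.$filename."_thumb.png");
$out_duration_cmd = "avconv -i ".escapeshellarg($src)." 2>&1 | grep Duration > ".escapeshellarg($meta_dir.$filename.".txt");
// … unchanged: file_exists checks, compress_image, gzcompress …
$out_duration = trim((string) file_get_contents($meta_dir.$filename.".txt"));
$out_duration = str_replace(",","<br />",$out_duration);
$popup_link = htmlspecialchars('popitup(\'player.php?name='.urlencode($item['dir']).urlencode($item['name']).'.'.urlencode($item['ext']).'&file='.urlencode($item['name']).'.'.urlencode($item['ext']).'&type='.urlencode($item['type']).'&t='.mktime().'\')', ENT_QUOTES, 'UTF-8');
```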
@@ -8,10 +8,10 @@
$jq_dir = $js_dir.$jquery;
//grab the full filepath...
-$name = addslashes(ltrim(urldecode($_GET['name']),"/"));
+$name = addslashes(ltrim(urldecode(str_replace("..", "", $_GET['name'])),"/"));
$type = $_GET['type'];
$title = urldecode($_GET['name']);
-$file = addslashes(urldecode($_GET['file']));
+//$file = addslashes(urldecode($_GET['file']));
//for multiuser support we use client ip and chosen file
$uid = md5($_SERVER['REMOTE_ADDR'].$_GET['file']);
@@ -21,8 +21,9 @@
//creating thumbnail for the player on player load
$filename = preg_replace("/ /","_",$_GET["file"]);
-$dirname = dirname("/".$name);
-$cmd_thumb = "avconv -ss 00:3:00 -t 1 -i '/".$name."' -r 16 -qscale 1 -s 320x240 -f image2 '".$thumbs_dir.$filename."_thumb.png'";
+$filename = str_replace("..", "", $filename);
+$dirname = dirname(dirname(__FILE__)."/".$name);
+$cmd_thumb = "avconv -ss 00:3:00 -t 1 -i '/".escapeshellcmd($name)."' -r 16 -qscale 1 -s 320x240 -f image2 '".escapeshellcmd($thumbs_dir.$filename)."_thumb.png'";
if(!file_exists($thumbs_dir.$filename."_thumb.png")){
exec($cmd_thumb);
compress_image($thumbs_dir.$filename."_thumb.png", $thumbs_dir.$filename."_thumb.png", 60);
@@ -38,20 +39,21 @@
/* global vars possible to set... */
$tag = "<div id=\"css-poster\" class=\"player minimalist is-splash\" data-rtmp=\"rtmp://".$crtmpserver."/live\" data-engine=\"flash\">
-<video id=\"container1\" class=\"player projekktor\" poster=\"".$thumbs_dir.$filename."_thumb.png\" data-engine=\"html5\" width=\"".$width."\" height=\"".$height."\" title=\"".$title."\" controls>";
+<video id=\"container1\" class=\"player projekktor\" poster=\"".htmlentities($thumbs_dir.$filename)."_thumb.png\" data-engine=\"html5\" width=\"".$width."\" height=\"".$height."\" title=\"".htmlentities($title)."\" controls>";
/* global definitions for all other players but flowplayer */
if($name_cmd == $uid){
$long_src = "rtmp://".$crtmpserver."/live/flv:".$name_cmd;
$short_src = $name_cmd;
$default_src = "rtmp://".$crtmpserver."/live/".$name_cmd;
- $tag .= "<source src=\"".$long_src."\" type=\"".$type."\" />";
+ $tag .= "<source src=\"".htmlentities($long_src)."\" type=\"".htmlentities($type)."\" />";
} else {
$long_src = "https://".$storageserver.":".$storageport."/".$name_cmd;
$short_src = $long_src;
$default_src = $long_src;
- $tag .= "<source src=\"".$long_src."\" type=\"".$type."\" />";
+
+ $tag .= "<source src=\"".htmlentities($long_src)."\" type=\"".htmlentities($type)."\" />";
}
$tag .= "</video>
</div>";
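Review bot: On the new `$name` line the `..` removal runs on the raw `$_GET['name']` before the explicit urldecode(), so a percent-encoded dot sequence in the already-once-decoded query value survives the strip and only becomes `..` afterwards; decode first, then filter: `$name = ltrim(str_replace("..", "", urldecode($_GET['name'])), "/");`. addslashes() is neither a path nor a shell escape, so if `$name` feeds a command later the escaping belongs at that call site. The second hunk is inconsistent with itself: `$dirname` is now anchored under `dirname(__FILE__)`, but `$cmd_thumb` still opens `'/'.$name`, i.e. a path relative to the filesystem root, and wraps it in escapeshellcmd() inside single quotes; use the same anchored path and escapeshellarg(), `$cmd_thumb = "avconv -ss 00:3:00 -t 1 -i ".escapeshellarg(dirname(__FILE__)."/".$name)." -r 16 -qscale 1 -s 320x240 -f image2 ".escapeshellarg($thumbs_dir.$filename."_thumb.png");`. `$width` and `$height` in the third hunk are emitted unescaped; their origin is outside the hunk, so confirm they are configuration rather than request values.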
@@ -9,15 +9,15 @@
$headscript .= '<script type="text/javascript">
flowplayer.conf.rtmp = "rtmp://'.$crtmpserver.'/live";
flowplayer.conf.muted = "true";
- flowplayer.conf.native_fullscreen = "false";
+ flowplayer.conf.native_fullscreen = "true";
flowplayer.conf.live = "false";
</script>';
$contentscript = "";
-$tag = '<div class="flowplayer" poster="'.$thumbs_dir.$filename.'_thumb.png" data-rtmp="rtmp://'.$crtmpserver.'/live" data-engine="flash">
+$tag = '<div class="flowplayer" poster="'.htmlentities($thumbs_dir.$filename).'_thumb.png" data-rtmp="rtmp://'.$crtmpserver.'/live" data-engine="flash">
<video>
- <source type="'.$type.'" src="'.$short_src.'" />
+ <source type="'.htmlentities($type).'" src="'.htmlentities($short_src).'" />
</video>
</div>';
?>
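Review bot: The htmlentities() calls this commit adds, here and in player.php, jwplayer, projekktor, doIndex() and doPlayer(), pass no flags and no charset. On PHP releases current for this code the default flag set is ENT_COMPAT, which leaves single quotes unencoded, and without ENT_SUBSTITUTE an invalid UTF-8 byte sequence in a file name makes the call return an empty string, silently blanking the attribute. The attributes in this hunk are double-quoted so they are safe as written, but the calls should be explicit and uniform, e.g. `htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; htmlspecialchars() is sufficient for attribute context and keeps non-ASCII names readable.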
@@ -10,11 +10,9 @@
$contentscript = "<script type=\"text/javascript\">
jwplayer('container1').setup({
- file: '".$long_src."',
- image: '".$thumbs_dir.$filename."_thumb.png',
+ file: '".htmlentities(str_replace($quotes, "", $long_src))."',
+ image: '".htmlentities(str_replace($quotes, "",$thumbs_dir.$filename))."_thumb.png',
'rtmp.subscribe': 'false',
- width: '".$width."',
- height: '".$height."',
primary: 'flash'
});
</script>";
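Review bot: The `file:` and `image:` values are placed inside single-quoted JavaScript string literals within a `<script>` block, where HTML entities are not decoded, so htmlentities() does not escape for that context; the str_replace() on `$quotes` removes quote characters but leaves backslashes and line breaks, and a trailing backslash in a name swallows the closing quote of the literal. Emit each value with json_encode(), which produces a correctly escaped JavaScript string including its quotes: `file: ".json_encode($long_src).",` and `image: ".json_encode($thumbs_dir.$filename."_thumb.png").",` (json_encode() escapes `/` by default, so a closing script tag cannot appear in the output; it returns false on invalid UTF-8, so check the result or validate the name's encoding first). The projekktor hunk below uses the same htmlentities()+str_replace() pattern for `poster`, `title`, `src` and `type` and needs the same treatment. `$quotes` is defined in the projekktor hunk; if this file does not define it above the hunk, str_replace() receives null here.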
@@ -2,20 +2,21 @@
ini_set("display_errors","Off");
/* projekktor definitions */
+$quotes = array("'", '"');
$style = "<link rel=\"stylesheet\" href=\"".$js_dir."projekktor/themes/maccaco/projekktor.style.css\" type=\"text/css\" media=\"screen\" />";
$headscript = "<script type=\"text/javascript\" src=\"".$js_dir."projekktor/projekktor-1.3.08.min.js\"></script>";
$contentscript .= "<script type=\"text/javascript\">
$(document).ready(function() {
projekktor('#container1', {
- poster: '".$thumbs_dir.$filename."_thumb.png',
+ poster: '".htmlentities(str_replace($quotes, "", $thumbs_dir.$filename))."_thumb.png',
playerFlashMP4: '".$js_dir."projekktor/swf/StrobeMediaPlayback/StrobeMediaPlayback.swf',
playerFlashMP3: '".$js_dir."projekktor/swf/StrobeMediaPlayback/StrobeMediaPlayback.swf',
useYTIframeAPI: 'true',
platforms: ['flash', 'native', 'vlc', 'browser', 'android', 'ios'],
- title: '".$name_cmd."',
+ title: '".htmlentities(str_replace($quotes, "", $name_cmd))."',
controls: 'true',
playlist: [{
- 0:{src:'".$default_src."',type:'".$type."'},
+ 0:{src:'".htmlentities(str_replace($quotes, "", $default_src))."',type:'".htmlentities(str_replace($quotes, "", $type))."'},
config:{streamType:'rtmp', streamServer:'rtmp://".$crtmpserver."/live'}
}]
});
@@ -14,7 +14,7 @@ function doIndex($style,$jsroot,$jquery,$height,$width,$folder,$list_folders,$li
$template = file_get_contents("templates/index.html");
$template = str_replace("###width###", $width+20, $template); //we are adding 20px for the controls...
$template = str_replace("###height###", $height, $template);
- $template = str_replace("###folder###", $folder, $template);
+ $template = str_replace("###folder###", htmlentities($folder), $template);
$template = str_replace("###list_folders###", $list_folders, $template);
$template = str_replace("###list_files###", $list_files, $template);
$template = str_replace("###js_dir###", $jsroot, $template);
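Review bot: Escaping `$folder` at the template layer leaves doIndex() with a mixed contract that is not documented: `$list_folders` and `$list_files` are substituted raw because they are pre-rendered HTML, and the index listing that builds them (see the `$listfolders`/`$listfiles` hunks in this commit) inserts file names into `alt`, `id`, `onclick` and link text without escaping. State the expectation on the function so the caller owns it, e.g. `// $list_folders / $list_files are trusted, pre-rendered HTML; names must be escaped before they are rendered into them`. doPlayer() has the same shape with `$tag`, `$headscript` and `$bodyscript` and deserves the same comment. The function's signature is above the hunk.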
@@ -14,7 +14,7 @@ function doPlayer($main_style,$style,$headscript,$title,$tag,$bodyscript,$js_dir
$template = file_get_contents("templates/player.html");
$template = str_replace("###players_styles###", $style, $template);
$template = str_replace("###players_scripts###", $headscript, $template);
- $template = str_replace("###title###", $title, $template);
+ $template = str_replace("###title###", htmlentities($title), $template);
$template = str_replace("###players_content_tag###", $tag, $template);
$template = str_replace("###players_content_script###", $bodyscript, $template);
$template = str_replace("###js_dir###", $js_dir, $template);
