
Filter uploaded files before extracting

pmeenan committed Jan 16, 2018
1 parent d6950f0 commit c026e4799455b8bc06c8e40f137d800d8d6803cc
Showing with 32 additions and 22 deletions.
  1. +16 −0 www/common_lib.inc
  2. +0 −17 www/work/resultimage.php
  3. +16 −5 www/work/workdone.php
@@ -3061,3 +3061,19 @@ function MakeUTF8($mixed) {
return $mixed;
}
/**
* Checks if the fileName contains invalid characters or has an invalid extension
* @param $fileName string The filename to check
* @return bool true if accepted for an upload, false otherwise
*/
function validateUploadFileName($fileName) {
if (strpos($fileName, '..') !== false ||
strpos($fileName, '/') !== false ||
strpos($fileName, '\\') !== false) {
return false;
}
$parts = pathinfo($fileName);
$ext = strtolower($parts['extension']);
// TODO: shouldn't this be a whitelist?
return !in_array($ext, array('php', 'pl', 'py', 'cgi', 'asp', 'js', 'rb', 'htaccess', 'jar'));
}
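Review bot: The blacklist on the return line is compared against only the last `pathinfo` extension, so a name such as `shell.php.txt` or `x.phtml` is accepted even though Apache's mod_mime with `AddHandler` can still hand both to the PHP interpreter, and the list omits `phtml`, `php3`–`php7`, `phps`, `phar` and `shtml`; the `TODO` already says a whitelist is the right shape, and until the set of artefact types the agents upload is pinned down, every dot-separated segment should be checked against a fuller list. `pathinfo()` returns no `extension` key for a name without a dot, so `$parts['extension']` raises a notice and `strtolower(null)` silently yields `''` before the name is accepted; an embedded NUL byte is not rejected either. Independently of the name check, if the results tree is web-served, turning script execution off for it in the vhost is the defence that does not depend on this list being complete.
```php
function validateUploadFileName($fileName) {
    if ($fileName === '' || strpos($fileName, "\0") !== false ||
        strpos($fileName, '..') !== false ||
        strpos($fileName, '/') !== false ||
        strpos($fileName, '\\') !== false) {
        return false;
    }
    // Every segment after the first dot is treated as an extension so that
    // "x.php.txt" is caught as well as "x.php"; a leading dot (".htaccess")
    // gives an empty first segment, which is dropped by the shift.
    $blocked = array('php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phps', 'phar',
                     'pl', 'py', 'cgi', 'asp', 'js', 'rb', 'htaccess', 'jar', 'shtml');
    $segments = explode('.', strtolower($fileName));
    array_shift($segments);
    foreach ($segments as $segment) {
        if (in_array($segment, $blocked, true))
            return false;
    }
    // TODO: replace with a whitelist of the types the agents actually upload
    return true;
}
```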
@@ -36,23 +36,6 @@
}
/**
* Checks if the fileName contains invalid characters or has an invalid extension
* @param $fileName string The filename to check
* @return bool true if accepted for an upload, false otherwise
*/
function validateUploadFileName($fileName) {
if (strpos($fileName, '..') !== false ||
strpos($fileName, '/') !== false ||
strpos($fileName, '\\') !== false) {
return false;
}
$parts = pathinfo($fileName);
$ext = strtolower($parts['extension']);
// TODO: shouldn't this be a whitelist?
return !in_array($ext, array('php', 'pl', 'py', 'cgi', 'asp', 'js', 'rb', 'htaccess', 'jar'));
}
/**
* @param $testRoot string Root directory for the test
* @param $fileName string Name of the uploaded file
@@ -465,11 +465,22 @@ function ExtractZipFile($file, $testPath) {
logTestMsg($id, "Extracting $zipsize byte uploaded file '$file' to '$testPath'");
$zip = new ZipArchive();
if ($zip->open($file) === TRUE) {
$extractPath = realpath($testPath);
if ($extractPath !== false) {
if (!$zip->extractTo($extractPath))
logTestMsg($id, "Error extracting uploaded zip file '$file' to '$testPath'");
$zip->close();
$valid = true;
// Make sure all of the uploaded files are appropriate
for ($i=0; $i < $zip->numFiles; $i++) {
$entry = $zip->getNameIndex($i);
if (substr($entry, -1) == '/') continue; // skip directories
$fileName = basename($entry);
if (!validateUploadFileName($fileName))
$valid = false;
}
if ($valid) {
$extractPath = realpath($testPath);
if ($extractPath !== false) {
if (!$zip->extractTo($extractPath))
logTestMsg($id, "Error extracting uploaded zip file '$file' to '$testPath'");
$zip->close();
}
}
} else {
logTestMsg($id, "Error opening uploaded zip file '$file'");
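Review bot: The new loop runs `validateUploadFileName` on `basename($entry)` only, so the directory part of a zip entry is never inspected here and any `..` or absolute segment in it is left entirely to `ZipArchive::extractTo` to neutralise; rejecting such entries outright is cheaper and does not depend on the extension's behaviour. The rejection path is also silent — `$valid = false` produces no `logTestMsg`, and because `$zip->close()` sits inside the success branch the handle opened on the `open()` line is never closed when `$valid` is false or `realpath` fails. Checking the whole entry, logging the offending name, breaking on the first hit and closing on every path makes the outcome visible in the test log. ExtractZipFile's opening lines and its remainder are outside this hunk, so `$id` is assumed to be in scope as the existing `logTestMsg` calls imply.
```php
$valid = true;
// Make sure all of the uploaded files are appropriate; check the whole
// entry path, not just its basename, so traversal in the directory part
// is rejected here rather than relying on extractTo() to neutralise it.
for ($i = 0; $i < $zip->numFiles; $i++) {
    $entry = $zip->getNameIndex($i);
    if (substr($entry, -1) == '/') continue; // skip directories
    if (strpos($entry, '..') !== false ||
        strpos($entry, '\\') !== false ||
        substr($entry, 0, 1) == '/' ||
        !validateUploadFileName(basename($entry))) {
        logTestMsg($id, "Rejected uploaded zip file '$file': unsafe entry '$entry'");
        $valid = false;
        break;
    }
}
if ($valid) {
    $extractPath = realpath($testPath);
    if ($extractPath !== false && !$zip->extractTo($extractPath))
        logTestMsg($id, "Error extracting uploaded zip file '$file' to '$testPath'");
}
// Close on every path, not only after a successful extraction.
$zip->close();
```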
