sanitize the image path before processing
knight-of-ni committed Jan 25, 2017
1 parent 13dc11b commit 8b19fca
Showing 2 changed files with 15 additions and 72 deletions.
56 changes: 0 additions & 56 deletions web/views/file.php

This file was deleted.

31 changes: 15 additions & 16 deletions web/views/image.php
Expand Up @@ -78,24 +78,23 @@ function imagescale($image, $new_width, $new_height = -1, $mode = 0)
} else {
$errorText = "No image path";
}
}
else
{
$path = ZM_DIR_EVENTS . '/' . $_REQUEST['path'];
if ( !empty($user['MonitorIds']) )
{
$imageOk = false;
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId )
{
if ( $pathMonId == $monId )
{
$imageOk = true;
break;
} else {
$path = realpath(ZM_DIR_EVENTS . '/' . $_REQUEST['path']);
if(strpos($path, ZM_DIR_EVENTS) == 0 && strpos($path, ZM_DIR_EVENTS) === true) {
if ( !empty($user['MonitorIds']) ) {
$imageOk = false;
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) {
if ( $pathMonId == $monId ) {
$imageOk = true;
break;
}
}
if ( !$imageOk )
$errorText = "No image permissions";
}
if ( !$imageOk )
$errorText = "No image permissions";
} else {
$errorText = "Invalid image path";
}
}
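Review bot: The containment test on the `if(strpos($path, ZM_DIR_EVENTS) == 0 && strpos($path, ZM_DIR_EVENTS) === true)` line can never be true, because strpos() returns an integer offset or `false` and never `true`, so as written every request falls through to "Invalid image path"; the loose `== 0` half is also wrong on its own, since `false == 0` holds in PHP and realpath() returns `false` for a missing file or a non-matching prefix. The check should be `if ( $path !== false && strpos($path, ZM_DIR_EVENTS . '/') === 0 ) {`, comparing against the directory plus a separator so a sibling directory whose name merely begins with ZM_DIR_EVENTS is not accepted, and ideally against `realpath(ZM_DIR_EVENTS)` so a symlinked events directory still matches the resolved path. Separately, `$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) )` now runs on the absolute resolved path, whose leading characters are the events directory rather than a monitor ID, so $pathMonId is presumably empty and the per-monitor permission check never matches; this looks pre-existing (the old code also prefixed ZM_DIR_EVENTS before the strspn) but it would be more robust to derive the monitor ID from the relative `$_REQUEST['path']` instead. The enclosing if/else that this hunk patches begins before the hunk.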

