
Security fix! Big thank you to Matthias <http://blog.yumdap.net/> for…

… spotting it!

* add static routes (to avoid 'file inclusion vulnerability')
* move routing to Router class

again, thanks Matthias!
chris-blues committed Nov 5, 2017
1 parent b835a19 commit 0e8c4360925d2a034feaff5cc71812dc21f3fcd3
@@ -9,6 +9,7 @@ You're welcome for contributing or testing though! :o)<br>


### ToDo:
* archivate sent newsletters
* admin UI:
* protect admin dir with .htaccess/.htpasswd + add UI accordingly
(not so sure this is practical, will be tied to Apache...)
@@ -71,6 +71,14 @@
}
if (isset($error)) {
$logTimeFormat = date("Y-m-d");
file_put_contents(
$cbNewsletter["basedir"] . "/admin/logs/debug_" . $logTimeFormat . ".log",
"\n\n=============================================================================================================================\n" . date("Y-m-d H:i:s") . "\n\n" . $Debugout->output(true),
FILE_APPEND | LOCK_EX
);
}
$cbNewsletter_endTime = microtime();
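Review bot: The debug log appended here is written under `$cbNewsletter["basedir"] . "/admin/logs/"`, and its payload `$Debugout->output(true)` carries request-derived values such as the view name that Request::view() reads from the query string. The README ToDo in this same commit says the admin directory is not yet protected with .htaccess/.htpasswd, so if that path is served by the web server the predictable `debug_<date>.log` files are readable by anyone who guesses the name. Writing them outside the document root, or adding a deny-all rule for `/admin/logs/`, would close that. The same write with the new separator format appears again in the hunk at `@@ -92,7 +92,7 @@`.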
@@ -0,0 +1,13 @@
<?php
return array(
"" => "/admin/actions/subscriptions.action.php",
"subscriptions" => "/admin/actions/subscriptions.action.php",
"config" => "/admin/actions/config.action.php",
"create_newsletter" => "/admin/actions/create_newsletter.action.php",
"send_newsletter" => "/admin/actions/send_newsletter.action.php",
);
?>
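Review bot: The closing `?>` on the last line of this routes file is unnecessary in a PHP-only file and risky: any newline or whitespace after it is sent to the client before the including script runs, which breaks later `header()` calls. Dropping the tag (ending the file after `);`) avoids that. The same applies to the other new PHP-only files in this commit: Request.class.php, Router.class.php and the public `/lib/routes.php`.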
@@ -57,19 +57,16 @@
// ================ routing ================
// =================== Routing ===================
if (isset($_GET["view"]) and strlen($_GET["view"]) > 1 and $_GET["view"] != "subscriptions") {
include_once(checkout("/admin/actions/" . $_GET["view"] . ".action.php"));
include_once(checkout(
Router::load("/admin/lib/routes.php")
->direct($cbNewsletter["config"]["view"])
));
} else {
include_once(checkout("/admin/actions/subscriptions.action.php"));
}
// ================ routing ================
// =================== Routing ===================
@@ -81,7 +81,7 @@
if ($debug and isset($error)) {
if (isset($error)) {
cbNewsletter_showErrors($error);
}
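Review bot: Removing `$debug and` from this condition makes `cbNewsletter_showErrors($error)` run for every visitor rather than only in debug mode, and `$error` now includes `$error["routing"]["invalid_route"]`, which Router::direct() sets to the unvalidated view string from the query string. Unless cbNewsletter_showErrors() escapes what it prints (not visible in this hunk), an unknown `view` value is reflected into the page. If a user-facing message is the intent, the new error view already provides it and this call could stay behind `$debug`; otherwise the value should go through `htmlspecialchars()` before display.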
@@ -92,7 +92,7 @@
$logTimeFormat = date("Y-m-d");
file_put_contents(
$cbNewsletter["basedir"] . "/admin/logs/debug_" . $logTimeFormat . ".log",
$Debugout->output(true),
"\n\n=============================================================================================================================\n" . date("Y-m-d H:i:s") . "\n\n" . $Debugout->output(true),
FILE_APPEND | LOCK_EX
);
}
@@ -10,6 +10,16 @@
include_once(checkout("/lib/classes/Router.class.php"));
include_once(checkout("/lib/classes/Request.class.php"));
$cbNewsletter["config"]["view"] = Request::view();
$Debugout->add("\$cbNewsletter[\"config\"][\"view\"] set to", $cbNewsletter["config"]["view"]);
// General functions
include_once(checkout("/lib/classes/HTML.class.php"));
$HTML = new HTML;
@@ -2,9 +2,7 @@
$Debugout->add("<pre><b>[ bootstrap ]</b>");
if (isset($_GET["view"])) {
$cbNewsletter["config"]["view"] = $_GET["view"];
}
// Other classes
@@ -15,6 +13,8 @@
// common bootstrap
include_once(checkout("/lib/bootstrap.common.php"));
@@ -0,0 +1,25 @@
<?php
class Request {
public static function view() {
global $Debugout;
if (isset($_GET["view"])) {
$view = $_GET["view"];
} else {
$view = "";
}
return $view;
}
}
?>
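Review bot: `Request::view()` returns `$_GET["view"]` as-is, but a query string such as `view[]=x` makes that value an array, which then reaches `strlen()` in the routing block and `array_key_exists()` in Router::direct(); both reject a non-string key (a warning on PHP 7, a TypeError on PHP 8). Checking the type keeps the router's contract intact: `if (isset($_GET["view"]) && is_string($_GET["view"])) {`. The `global $Debugout;` line is not used in this method and can be removed.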
@@ -0,0 +1,52 @@
<?php
class Router {
protected $routes = array();
public static function load($file) {
$Router = new static;
$Router->routes = include_once(checkout($file));
return $Router;
}
public function direct($view) {
global $Debugout, $error;
if (array_key_exists($view, $this->routes)) {
$route = $this->routes[$view];
$Debugout->add(
"directing known view '" . $view . "' to",
$route
);
return $route;
} else {
$route = $this->routes[""];
$error["routing"]["invalid_route"] = $view;
$Debugout->add(
"directing unknown view '" . $view . "' to error page"
);
return "/views/error.view.php";
}
}
}
?>
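Review bot: `Router::load()` assigns the result of `include_once()` to `$Router->routes`, which is the routes array only the first time that file is included; a second `include_once` of the same path returns `true`, leaving `$this->routes` as a bool and making `array_key_exists()` in direct() fail. Using `$Router->routes = include(checkout($file));` (or `require`) returns the array on every call. In the else branch of `direct()`, `$route = $this->routes[""];` is a dead store, since the method returns the hard-coded `/views/error.view.php` instead. `direct()` also passes the raw `$view` into `$Debugout->add()` and `$error["routing"]["invalid_route"]`; Debugout entries elsewhere in this commit are HTML (`<pre><b>…</b>`), so that string should be escaped with `htmlspecialchars()` wherever those entries are rendered.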
@@ -0,0 +1,15 @@
<?php
return array(
"" => "/views/subscription.form.php",
"enter_subscription" => "/actions/enter_subscription.action.php",
"manage_subscription" => "/actions/manage_subscription.action.php",
"verify_subscription" => "/actions/verify_subscription.action.php",
"verify_unsubscription" => "/action/verify_unsubscription.action.php",
);
?>
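Review bot: The `verify_unsubscription` entry points at `/action/verify_unsubscription.action.php`, while every other route in this file and in the admin routes file uses the `/actions/` directory; unless a separate `/action/` directory exists, this route will fail to include and the unsubscription verification link will break. Change it to `"verify_unsubscription" => "/actions/verify_unsubscription.action.php",`.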
@@ -2,7 +2,6 @@
$Debugout->add("<pre><b>[ routing ]</b>");
// =================== Routing ===================
// ================ pre display ================
@@ -52,17 +51,16 @@
// =================== Routing ===================
if (isset($cbNewsletter["config"]["view"]) and strlen($cbNewsletter["config"]["view"]) > 1) {
include_once(checkout("/actions/" . $_GET["view"] . ".action.php"));
} else {
include_once(checkout("/views/subscription.form.php"));
include_once(checkout(
Router::load("/lib/routes.php")
->direct($cbNewsletter["config"]["view"])
));
}
// =================== Routing ===================
@@ -76,7 +74,7 @@
// =============== post display ================
// =================== Routing ===================
$Debugout->add("</pre>");
@@ -0,0 +1,4 @@

<h1><?php echo gettext("Error") ?></h1>

<p><?php echo gettext("An error has occured. Most likely the link is broken. Please try again and make sure that you use the complete and correct link."); ?></p>
