

putfile : check extension parameter to avoid path traversal
ericferon committed Nov 20, 2022
1 parent 79d0867 commit 2a1cded
Showing 2 changed files with 12 additions and 3 deletions.
5 changes: 5 additions & 0 deletions archimap.xml
Expand Up @@ -24,6 +24,11 @@
<author>Eric Feron</author>
</authors>
<versions>
<version>
<num>3.2.16</num>
<compatibility>~10.0.0</compatibility>
<download_url>https://github.com/ericferon/glpi-archimap/releases/download/v3.2.16/archimap-v3.2.16.zip</download_url>
</version>
<version>
<num>3.2.15</num>
<compatibility>~10.0.0</compatibility>
10 changes: 7 additions & 3 deletions drawio-integration/ajax/putfile.php
Expand Up @@ -50,7 +50,11 @@
die("No 'filename' parameter in POST request 'putfile'");
}
if (isset($_GET['extension'])) {
$extension = rawurldecode($_GET['extension']);
// $extension = rawurldecode($_GET['extension']);
$extension = preg_replace("/[^a-zA-Z]+/", "", rawurldecode($_GET['extension']));
if (!in_array(strtolower($extension), [ 'jpg', 'jpeg', 'gif', 'png' ])) {
die("invalid 'extension' parameter in POST request 'putfile'");
}
} else {
die("No 'extension' parameter in POST request 'putfile'");
}
Expand All @@ -74,11 +78,11 @@
}

file_put_contents("img.{$type}", $data);
if (file_put_contents(getcwd().'/../'.$dir.'/'.$filename.$extension, $data) === false)
if (file_put_contents(getcwd().'/../'.$dir.'/'.$filename.'.'.$extension, $data) === false)
{
header('HTTP/1.1 500 Internal Server Error saving file '.getcwd().'/../'.$dir.'/'.$filename.$extension);
} else {
header('HTTP/1.1 200 OK');
Toolbox::logInFile('putfile', getcwd().'/../'.$dir.'/'.$filename.$extension." saved\n");
Toolbox::logInFile('putfile', getcwd().'/../'.$dir.'/'.$filename.'.'.$extension." saved\n");
}
?>
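Review bot: The 500 branch still builds the path as `$filename.$extension` in `header('HTTP/1.1 500 Internal Server Error saving file '.getcwd().'/../'.$dir.'/'.$filename.$extension);`, while the new `file_put_contents` call and the `Toolbox::logInFile` line now insert a `'.'` between them, so the path reported on failure is not the path that was actually attempted; change it to `$filename.'.'.$extension`, or better drop the absolute path from the status line altogether, since `getcwd()` discloses the server's install location to the client and the full path is already recorded by `Toolbox::logInFile`. The extension allowlist closes traversal through `extension`, but `$dir` and `$filename` also form the written path and are not validated within this hunk; if they are not constrained to a single path segment earlier in the file (the `filename` handling above line 50 is outside this view), the same traversal concern remains for those parameters. The `in_array(strtolower($extension), [...])` check should pass `true` as the third argument, and the commented-out `rawurldecode` line should be deleted rather than kept alongside its replacement. The unconditional `file_put_contents("img.{$type}", $data);` into the working directory reads like a leftover debug write; if it is intentional, a one-line comment stating why would help the next reader.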
