Remove system information paths from the "Download Configuration" But…

…tons Fixes #9252 Fixes #9280
joomla · Mar 3, 2016 · 8159473 · 8159473
1 parent 708da87
commit 8159473
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 10 deletions.
diff --git a/administrator/components/com_admin/models/sysinfo.php b/administrator/components/com_admin/models/sysinfo.php
@@ -72,6 +72,7 @@ class AdminModelSysInfo extends JModelLegacy
 			'Cookie',
 			'DOCUMENT_ROOT',
 			'extension_dir',
+			'error_log',
 			'Host',
 			'HTTP_COOKIE',
 			'HTTP_HOST',
@@ -99,7 +100,9 @@ class AdminModelSysInfo extends JModelLegacy
 			'Server Root',
 			'session.name',
 			'session.save_path',
+			'upload_tmp_dir',
 			'User/Group',
+			'open_basedir'
 		),
 		'other' => array(
 			'db',
@@ -122,7 +125,8 @@ class AdminModelSysInfo extends JModelLegacy
 			'session_memcached_server_host',
 			'sitename',
 			'smtphost',
-			'tmp_path'
+			'tmp_path',
+			'open_basedir'
 		)
 	);
 
@@ -201,6 +205,10 @@ protected function cleanSectionPrivateData($sectionValues)
 	{
 		if (!is_array($sectionValues))
 		{
+			if (strstr($sectionValues, JPATH_ROOT))
+			{
+				$sectionValues = 'xxxxxx';
+			}
 			return strlen($sectionValues) ? 'xxxxxx' : '';
 		}
 
@@ -324,13 +332,14 @@ public function phpinfoEnabled()
 	/**
 	 * Method to get filter data from the model
 	 *
-	 * @param   string  $dataType  Type of data to get safely
+	 * @param  string  $dataType  Type of data to get safely
+	 * @param  bool  $public  passing to certain methods to strip sensitive data
 	 *
 	 * @return  array
 	 *
 	 * @since   3.5
 	 */
-	public function getSafeData($dataType)
+	public function getSafeData($dataType, $public = true)
 	{
 		if (isset($this->safeData[$dataType]))
 		{
@@ -344,7 +353,7 @@ public function getSafeData($dataType)
 			return array();
 		}
 
-		$data = $this->$methodName();
+		$data = $this->$methodName($public);
 
 		$this->safeData[$dataType] = $this->cleanPrivateData($data, $dataType);
 
@@ -483,11 +492,13 @@ public function getExtensions()
 	/**
 	 * Method to get the directory states
 	 *
+	 * @param   bool $public  if $public if true no information is going to be removed
+	 *
 	 * @return  array States of directories
 	 *
 	 * @since   1.6
 	 */
-	public function getDirectory()
+	public function getDirectory($public = false)
 	{
 		if (!empty($this->directories))
 		{
@@ -596,8 +607,16 @@ public function getDirectory()
 			$this->addDirectory('administrator/cache', JPATH_CACHE, 'COM_ADMIN_CACHE_DIRECTORY');
 		}
 
-		$this->addDirectory($registry->get('log_path', JPATH_ROOT . '/log'), $registry->get('log_path', JPATH_ROOT . '/log'), 'COM_ADMIN_LOG_DIRECTORY');
-		$this->addDirectory($registry->get('tmp_path', JPATH_ROOT . '/tmp'), $registry->get('tmp_path', JPATH_ROOT . '/tmp'), 'COM_ADMIN_TEMP_DIRECTORY');
+		if ($public)
+		{
+			$this->addDirectory('log', $registry->get('log_path', JPATH_ROOT . '/log'), 'COM_ADMIN_LOG_DIRECTORY');
+			$this->addDirectory('tmp', $registry->get('tmp_path', JPATH_ROOT . '/tmp'), 'COM_ADMIN_TEMP_DIRECTORY');
+		}
+		else
+		{
+			$this->addDirectory($registry->get('log_path', JPATH_ROOT . '/log'), $registry->get('log_path', JPATH_ROOT . '/log'), 'COM_ADMIN_LOG_DIRECTORY');
+			$this->addDirectory($registry->get('tmp_path', JPATH_ROOT . '/tmp'), $registry->get('tmp_path', JPATH_ROOT . '/tmp'), 'COM_ADMIN_TEMP_DIRECTORY');
+		}
 
 		return $this->directories;
 	}

diff --git a/administrator/components/com_admin/views/sysinfo/view.json.php b/administrator/components/com_admin/views/sysinfo/view.json.php
@@ -59,7 +59,7 @@ protected function getLayoutData()
 			'info'        => $model->getSafeData('info'),
 			'phpSettings' => $model->getSafeData('phpSettings'),
 			'config'      => $model->getSafeData('config'),
-			'directories' => $model->getSafeData('directory'),
+			'directories' => $model->getSafeData('directory', true),
 			'phpInfo'     => $model->getSafeData('phpInfoArray'),
 			'extensions'  => $model->getSafeData('extensions')
 		);

diff --git a/administrator/components/com_admin/views/sysinfo/view.text.php b/administrator/components/com_admin/views/sysinfo/view.text.php
@@ -55,7 +55,7 @@ public function display($tpl = null)
 			}
 		}
 
-		echo implode("\n\n", $lines);
+		echo str_replace(JPATH_ROOT, 'xxxxxx', implode("\n\n", $lines));
 
 		JFactory::getApplication()->close();
 	}
@@ -86,7 +86,7 @@ protected function getLayoutData()
 			),
 			'directories' => array(
 				'title' => JText::_('COM_ADMIN_DIRECTORY_PERMISSIONS', true),
-				'data'  => $model->getSafeData('directory')
+				'data'  => $model->getSafeData('directory', true)
 			),
 			'phpInfo' => array(
 				'title' => JText::_('COM_ADMIN_PHP_INFORMATION', true),