
More input checking - validate against $users[] everywhere.

Convert /home/ . $user into something that uses getpwnam['dir'] so
we can handle odd $HOME locations.
1 parent 6adc60a commit 260892025b4b08707787400aa73fe31feb3bfff6 @sofar committed Oct 11, 2012
Showing with 16 additions and 4 deletions.
  1. +3 −1 db.php
  2. +9 −2 exif.php
  3. +4 −1 image.php
4 db.php
@@ -41,7 +41,9 @@
echo "var albums = [\n";
for ($x = 0; $x < count($users); $x++) {
- $d = "/home/" . $users[$x] . "/album";
+ $pw = posix_getpwnam($users[$x]);
+ $home = $pw['dir'];
+ $d = $home . "/album";
if (!is_dir($d))
continue;
$ah = opendir($d);
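Review bot: `$home = $pw['dir'];` reads the lookup result without checking that `posix_getpwnam()` succeeded; for an entry in `$users` with no passwd record it returns false, `$home` becomes null and `$d` collapses to `"/album"`, which is then probed with `is_dir` as if it were that user's album directory. Add `if ($pw === false) continue;` directly after the lookup so a bad whitelist entry is skipped rather than mapped to a path under `/`. The same unchecked `$pw['dir']` read appears in exif.php and image.php, where a failed lookup should end with `die("-EINVAL\n");` instead of building a path from null.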
@@ -25,6 +25,8 @@
# Get exif info for an image, and render a XML content that can be inserted
# into a webpage dynamically
+include 'config.php';
+
$fields = array (
"FILE.FileName" => "Filename",
"EXIF.ExifImageWidth" => "Width",
@@ -46,11 +48,16 @@
$image = $_GET['i'];
$user = $_GET['u'];
-$album = dirname($image);
+if (array_search($user, $users) === FALSE)
+ die("-EINVAL\n");
-$obj = "/home/" . $user . "/album/" . $image;
+$album = dirname($image);
$pw = posix_getpwnam($user);
+$home = $pw['dir'];
+
+$obj = $home . "/album/" . $image;
+
echo "Path: " . $image . "\n";
echo "Owner: " . $pw['gecos'] . "\n\n";
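Review bot: `$obj = $home . "/album/" . $image;` still appends `$_GET['i']` unchecked, so the new whitelist on `$user` does not confine the served file to that user's album; the same construction is at image.php's `$obj = $home . "/album/" . $image;`. Resolve the path and confirm it stays inside the album before using it, e.g. `$base = realpath($home . "/album"); $real = realpath($obj);` followed by `if ($base === false || $real === false || strpos($real, $base . "/") !== 0) die("-EINVAL\n");`. The guard `array_search($user, $users) === FALSE` also compares loosely; `if (!in_array($user, $users, true))` makes the match exact. Because `$users` comes from the `include 'config.php';` added in the first hunk, a missing config leaves `$users` unset and, on the PHP of this era, `array_search` then warns and returns NULL rather than FALSE, so the guard would not fire; `require 'config.php';` makes the dependency fatal instead of silent.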
@@ -118,8 +118,11 @@ function pass_file_and_exit($file) {
$album = dirname($image);
+$pw = posix_getpwnam($users[$x]);
+$home = $pw['dir'];
+
# passtrhru unsized?
-$obj = "/home/" . $user . "/album/" . $image;
+$obj = $home . "/album/" . $image;
if ($size == 0) {
if (file_exists($obj))
pass_file_and_exit($obj);
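Review bot: `$pw = posix_getpwnam($users[$x]);` depends on `$x` indexing `$users`, but nothing in this hunk assigns `$x`; if it is the `array_search` result from the validation added earlier in the file (outside the hunk) this is fine, otherwise the lookup runs on an undefined index, `posix_getpwnam` returns false and `$home` is null. Either way the file's own `$user` variable, already validated against `$users` per the commit message, would be the clearer argument: `$pw = posix_getpwnam($user);`. The hunk header names `pass_file_and_exit`, yet these lines read as top-level script code after that function, so the enclosing scope is not visible here.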
