More input checking - validate against $users[] everywhere.

Convert /home/ . $user into something that uses getpwnam['dir'] so we can handle odd $HOME locations.
sofar · Oct 11, 2012 · 2608920 · 2608920
1 parent 6adc60a
commit 2608920
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/db.php b/db.php
@@ -41,7 +41,9 @@
 echo "var albums = [\n";
 
 for ($x = 0; $x < count($users); $x++) {
-	$d = "/home/" . $users[$x] . "/album";
+	$pw = posix_getpwnam($users[$x]);
+	$home = $pw['dir'];
+	$d = $home . "/album";
 	if (!is_dir($d))
 		continue;
 	$ah = opendir($d);

diff --git a/exif.php b/exif.php
@@ -25,6 +25,8 @@
 # Get exif info for an image, and render a XML content that can be inserted
 # into a webpage dynamically
 
+include 'config.php';
+
 $fields = array (
 	"FILE.FileName" => "Filename",
 	"EXIF.ExifImageWidth" => "Width",
@@ -46,11 +48,16 @@
 $image = $_GET['i'];
 $user = $_GET['u'];
 
-$album = dirname($image);
+if (array_search($user, $users) === FALSE)
+	die("-EINVAL\n");
 
-$obj = "/home/" . $user . "/album/" . $image;
+$album = dirname($image);
 
 $pw = posix_getpwnam($user);
+$home = $pw['dir'];
+
+$obj = $home . "/album/" . $image;
+
 echo "Path: " . $image . "\n";
 echo "Owner: " . $pw['gecos'] . "\n\n";
 

diff --git a/image.php b/image.php
@@ -118,8 +118,11 @@ function pass_file_and_exit($file) {
 
 $album = dirname($image);
 
+$pw = posix_getpwnam($users[$x]);
+$home = $pw['dir'];
+
 # passtrhru unsized?
-$obj = "/home/" . $user . "/album/" . $image;
+$obj = $home . "/album/" . $image;
 if ($size == 0) {
 	if (file_exists($obj))
 		pass_file_and_exit($obj);