Skip to content
Permalink
Browse files
sec(Utils) Sensitive Data Exposure: file path
  • Loading branch information
joebordes committed Oct 31, 2021
1 parent 4441365 commit c05cdd565798c883117f8824d95c7f7a7b8c6bcc
Showing with 14 additions and 11 deletions.
  1. +14 −11 include/utils/CommonUtils.php
@@ -3306,11 +3306,11 @@ function checkFileAccessForInclusion($filepath) {
echo '<pre>';
debug_print_backtrace();
echo '</pre>';
echo 'We are looking for this file path: '.htmlspecialchars($filepath, ENT_QUOTES, $default_charset).'<br>';
echo 'We are looking here:<br> Real file path: '.htmlspecialchars($realfilepath, ENT_QUOTES, $default_charset).'<br>';
echo 'Root dir path: '.htmlspecialchars($rootdirpath, ENT_QUOTES, $default_charset).'<br>';
}
echo 'Sorry! Attempt to access restricted file.<br>';
echo 'We are looking for this file path: '.htmlspecialchars($filepath, ENT_QUOTES, $default_charset).'<br>';
echo 'We are looking here:<br> Real file path: '.htmlspecialchars($realfilepath, ENT_QUOTES, $default_charset).'<br>';
echo 'Root dir path: '.htmlspecialchars($rootdirpath, ENT_QUOTES, $default_charset).'<br>';
echo 'Attempt to access restricted file.';
die();
}
}
@@ -3341,20 +3341,23 @@ function checkFileAccessForDeletion($filepath) {

if (stripos($realfilepath, $rootdirpath) !== 0 || !in_array($filePathParts[0], $safeDirectories)) {
global $default_charset;
echo 'Sorry! Attempt to access restricted file.<br>';
echo 'We are looking for this file path: '.htmlspecialchars($filepath, ENT_QUOTES, $default_charset).'<br>';
echo 'We are looking here:<br> Real file path: '.htmlspecialchars($realfilepath, ENT_QUOTES, $default_charset).'<br>';
echo 'Root dir path: '.htmlspecialchars($rootdirpath, ENT_QUOTES, $default_charset).'<br>';
if (GlobalVariable::getVariable('Debug_Access_Restricted_File', 0)) {
echo '<pre>';
debug_print_backtrace();
echo '</pre>';
echo 'We are looking for this file path: '.htmlspecialchars($filepath, ENT_QUOTES, $default_charset).'<br>';
echo 'We are looking here:<br> Real file path: '.htmlspecialchars($realfilepath, ENT_QUOTES, $default_charset).'<br>';
echo 'Root dir path: '.htmlspecialchars($rootdirpath, ENT_QUOTES, $default_charset).'<br>';
}
echo 'Attempt to access restricted file.';
die();
}
}

/** Function to check the file access is made within web root directory. */
function checkFileAccess($filepath) {
if (!isInsideApplication($filepath)) {
global $default_charset;
echo 'Sorry! Attempt to access restricted file.<br>';
echo 'We are looking for this file path: '.htmlspecialchars($filepath, ENT_QUOTES, $default_charset).'<br>';
echo 'Attempt to access restricted file.<br>';
die();
}
}

0 comments on commit c05cdd5

Please sign in to comment.