
v3.0 - Improve sanitization.

-v3.0.
-Improve sanitization.
-Based on input from neogeovr on Reddit.
zelon88 committed Nov 19, 2018
1 parent 07473b0 commit 61d35a6d39843dc73d88058c9c1c791da5462977
Showing with 227 additions and 212 deletions.
  1. +15 −0 CHANGELOG.txt
  2. +116 −116 cloudCore.php
  3. +4 −4 commonCore.php
  4. +9 −9 compatibilityCore.php
  5. +82 −82 sanitizeCore.php
  6. +1 −1 versionInfo.php
@@ -1,3 +1,18 @@
COMMIT 11/18/2018
v3.0 - Improve sanitization.
-v3.0.
-Improve sanitization.
-Based on input from neogeovr on Reddit.
----------
COMMIT 11/15/2018
v2.9.9 - Add OpenJSCAD app.
-v2.9.9.
-Add OpenJSCAD app.
----------
COMMIT 10/28/2018
v2.9.8 - Fix HTML syntax, remove unneeded core calls.

@@ -171,17 +171,17 @@
// / Also used to create new UserDirs.
$UserDirPOST = '/';
// / If a valid UserDir is set, use it for all paths and operations.
if (isset($_POST['UserDir']) or $_POST['UserDir'] !== '/') $UserDirPOST = $_POST['UserDirPOST'] = str_replace('//', '/', str_replace('///', '/', '/'.$_POST['UserDir'].'/'));
if (isset($_POST['UserDir']) or $_POST['UserDir'] !== '/') $UserDirPOST = $_POST['UserDirPOST'] = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', '/'.$_POST['UserDir'].'/')));
// / If the root Cloud Drive is selected set the path directory and URL directory as a slash.
if (!isset($_POST['UserDir']) && !isset($_POST['UserDirPOST'])) $Udir = $UserDirPOST = '/';
// / Whatever directory the user is "in" is used for URLs.
if (isset($_POST['UserDir']) or isset($_POST['UserDirPOST'])) $Udir = str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', $_POST['UserDirPOST'].'/')));
if (isset($_POST['UserDir']) or isset($_POST['UserDirPOST'])) $Udir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', $_POST['UserDirPOST'].'/'))));
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
// / The following code defines the user directories and adds them to the array of RequiredDirs.
$CloudTmpDir = str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudTempDir.$UserDirPOST))));
$CloudUsrDir = str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudDir.$UserDirPOST))));
$CloudTmpDir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudTempDir.$UserDirPOST)))));
$CloudUsrDir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudDir.$UserDirPOST)))));
array_push($RequiredDirs1, $CloudTmpDir, $CloudUsrDir);
// / -----------------------------------------------------------------------------------
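Review bot: The guard on the new `$UserDirPOST` line still reads `isset($_POST['UserDir']) or $_POST['UserDir'] !== '/'`, which is true even when `UserDir` was never posted, so the branch always runs and reads an undefined index; it also lets an array value through, which PHP concatenates as the string `Array`. I would change the condition to `if (isset($_POST['UserDir']) && is_string($_POST['UserDir']) && $_POST['UserDir'] !== '/')`. Because `str_replace('..', '', …)` is applied after the slash collapsing, a value such as `/a/../b/` (constructed example) leaves `/a//b/` in `$UserDirPOST`, so the `..` strip belongs innermost, before the `//` replacements. On the `$CloudTmpDir` and `$CloudUsrDir` lines the strip also runs over `$CloudTempDir` and `$CloudDir`, which presumably come from configuration rather than the request. Stripping only `$UserDirPOST` and then checking that the final path still begins with the configured base directory would be a more robust containment test than character removal alone.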
@@ -2,8 +2,8 @@
/*
HRCLOUD2 VERSION INFORMATION
THIS VERSION : v2.9.9
WRITTEN ON : 11/15/2018
THIS VERSION : v3.0
WRITTEN ON : 11/18/2018
*/
// / -----------------------------------------------------------------------------------
@@ -37,13 +37,13 @@
// / -----------------------------------------------------------------------------------
// / The following code sets the global variables for the session.
$ClearCachePOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['ClearCache']);
$AutoUpdatePOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoUpdate']);
$AutoDownloadPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoDownload']);
$AutoInstallPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoInstall']);
$AutoCleanPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoClean']);
$CheckCompatPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckCompatibility']);
$CheckPermsPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckPermissions']);
$ClearCachePOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['ClearCache']));
$AutoUpdatePOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoUpdate']));
$AutoDownloadPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoDownload']));
$AutoInstallPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoInstall']));
$AutoCleanPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoClean']));
$CheckCompatPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckCompatibility']));
$CheckPermsPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckPermissions']));
$ResourceDir = $InstLoc.'/Resources/TEMP';
$ResourceDir1 = $ResourceDir.'/HRCloud2-master';
$UpdatedZIP1 = $ResourceDir.'/HRC2UPDATE1.zip';
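Review bot: The added outer `str_replace('..', '', …)` on the seven `$…POST` lines can never match, because the inner call already removes every `.` (it is the first character of the `str_split` list), so these lines gain no filtering from the change. What remains unguarded is the read itself: each `$_POST[...]` key is used without `isset()`, and an array value would pass through `str_replace` and come back as an array. If these are on/off flags, which the names suggest but the hunk does not show, comparing against the expected value is tighter than a character denylist, e.g. `$ClearCachePOST = (isset($_POST['ClearCache']) && $_POST['ClearCache'] === '1') ? '1' : '';` (the accepted value `'1'` is a placeholder for whatever the form actually sends).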