
v3.1.5 - Fix bugs in search feature. Strenghen security.

-v3.1.5.
-Improve security/sanitization.
-Search now completes much faster.
-Search is now current-directory specific (less than ideal).
-Working on search all folders.
-scandir() is weird.
zelon88 committed Apr 5, 2019
1 parent 47fc343 commit eca1c9885fc158a469ab391a3797526026b20e6e
Showing with 50 additions and 53 deletions.
  1. +11 −0 CHANGELOG.txt
  2. +37 −51 cloudCore.php
  3. +1 −1 compatibilityCore.php
  4. +1 −1 versionInfo.php
@@ -1,3 +1,14 @@
COMMIT 4/4/2019
v3.1.5 - Fix bugs in search feature. Strenghen security.

-v3.1.5.
-Improve security/sanitization.
-Search now completes much faster.
-Search is now current-directory specific (less than ideal).
-Working on search all folders.
-scandir() is weird.

----------
COMMIT 4/3/2019
v3.1.4 - Fix bug. Improve performance by defering some resources.

@@ -1158,67 +1158,53 @@
// / -----------------------------------------------------------------------------------
// / Code to search a users Cloud Drive and return the results.
if (isset($_POST['search'])) {
$MAKELogFile = file_put_contents($LogFile, 'OP-Act: '."User initiated Cloud Search on $Time".'.'.PHP_EOL, FILE_APPEND); ?>
<div align="center"><h3>Search Results</h3></div>
<hr />
<?php
$SearchRAW = $_POST['search'];
$MAKELogFile = file_put_contents($LogFile, 'OP-Act: Raw user input is "'.$SearchRAW.'" on '.$Time.'.'.PHP_EOL, FILE_APPEND);
$searchRAW = str_replace('..', '', str_replace(str_split('\\/[]{};:!$#&@>*<'), '', $searchRAW));
$MAKELogFile = file_put_contents($LogFile, 'OP-Act: Sanitized user input is "'.$SearchRAW.'" on '.$Time.'.'.PHP_EOL, FILE_APPEND);
$SearchLower = strtolower($SearchRAW);
if ($SearchRAW == '') {
?><div align="center"><?php echo('Please enter a search keyword.'.$br.'<a href="#" onclick="goBack();">&#8592; Go Back</a>'); ?><hr /></div> <?php die(); }
if (isset($_POST['search'])) { ?>
<div align="center"><h3>Search Results</h3></div><hr /><?php
$MAKELogFile = file_put_contents($LogFile, 'OP-Act: '."User initiated Cloud Search on $Time".'.'.PHP_EOL, FILE_APPEND);
$MAKELogFile = file_put_contents($LogFile, 'OP-Act: User input is "'.$SearchRAW.'" on '.$Time.'.'.PHP_EOL, FILE_APPEND);
$PendingResCount1 = $PendingResCount2 = 0;
$ResultFiles = scandir($CloudUsrDir);
if (isset($SearchRAW)) {
foreach ($ResultFiles as $ResultFile0) {
if ($ResultFile0 == '.' or $ResultFile0 == '..' or $ResultFile0 == 'index.html'
or $ResultFile0 == '.AppData' or strpos($ResultFile0, '.php') !== FALSE) continue;
foreach ($DangerousFiles as $DangerousFile) {
if (strpos($ResultFile0, $DangerousFile) !== FALSE) continue 2; }
$ResultFile = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', $CloudUsrDir.$ResultFile0)));
$ResultTmpFile = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', $CloudTmpDir.$ResultFile0)));
$ResultURL = 'DATA/'.$UserID.$UserDirPOST.$ResultFile0;
$F2 = pathinfo($ResultFile, PATHINFO_BASENAME);
$F3 = $CloudTmpDir.$F2;
$F4 = pathinfo($ResultFile, PATHINFO_FILENAME);
$F5 = pathinfo($ResultFile, PATHINFO_EXTENSION);
$MAKELogFile = file_put_contents($LogFile, 'OP-Act: '."Submitted $ResultFile to $CloudTmpDir on $Time".'.'.PHP_EOL, FILE_APPEND);
$searchDir = $CloudUsrDir;
function search($searchTerm, $searchDir) {
global $LogFile, $PendingResCount1, $PendingResCount2, $Time, $br, $DangerousFiles, $CloudUsrDir, $CloudTmpDir, $UserID, $UserDirPOST;
$SearchRAW = str_replace('..', '', str_replace(str_split('\\/[]{};:!$#&@>*<'), '', $searchTerm));
$SearchLower = strtolower($SearchRAW);
if ($SearchRAW == '') {
?><div align="center"><?php echo('Please enter a search keyword.'.$br.'<a href="#" onclick="goBack();">&#8592; Go Back</a>'); ?><hr /></div> <?php die(); }
$ResultFiles = scandir($searchDir);
if (isset($SearchRAW)) {
foreach ($ResultFiles as $ResultFile0) {
if ($ResultFile0 == '.' or $ResultFile0 == '..' or $ResultFile0 == 'index.html'
or $ResultFile0 == '.AppData' or strpos($ResultFile0, '.php') !== FALSE or strpos($ResultFile0, '.htaccess') !== FALSE) continue;
foreach ($DangerousFiles as $DangerousFile) if (strpos($ResultFile0, $DangerousFile) !== FALSE) continue 2;
$ResultFile = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', $searchDir.$ResultFile0)));
$PendingResCount1++;
$ResultRAW = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', $ResultFile0)));
$Result = strtolower($ResultRAW);
if (!preg_match("/$SearchLower/", $Result)) continue;
if (preg_match("/$SearchLower/", $Result)) {
$PendingResCount2++;
if (is_dir($ResultFile)) {
@mkdir($F3, $ILPerms);
foreach ($iterator = new \RecursiveIteratorIterator(
new \RecursiveDirectoryIterator($ResultFile, \RecursiveDirectoryIterator::SKIP_DOTS),
\RecursiveIteratorIterator::SELF_FIRST) as $item) {
$item = str_replace('//', '/', str_replace('///', '/', $item));
$F6 = $F3.DIRECTORY_SEPARATOR.$iterator->getSubPathName();
if (is_dir($item)) {
@mkdir($F6); }
else {
@copy($item, $F6); } }
$ResultURL = 'cloudCore.php?UserDirPOST='.$ResultFile0 ; }
if (!is_dir($ResultFile)) {
@copy($ResultFile, $ResultTmpFile); }
?><a href='<?php echo($ResultURL); ?>'><?php echo($ResultFile0."\n"); ?></a>
<hr /><?php } }
echo('Searched '.$PendingResCount1.' files for "'.$SearchRAW.'" and found '.$PendingResCount2.' results on '.$Time.'.');
$MAKELogFile = file_put_contents($LogFile, 'OP-ACT, Searched '.$PendingResCount1.' files for "'.$SearchRAW.'" and found '.$PendingResCount2.' results on '.$Time.'.'.PHP_EOL, FILE_APPEND); } ?>
if (strpos($Result, $SearchLower) === FALSE or !file_exists($ResultFile)) continue;
else {
if (!is_dir($ResultFile)) {
$ResultTmpFile = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', $CloudTmpDir.$ResultFile0)));
$ResultURL = 'DATA/'.$UserID.$UserDirPOST.$ResultFile0;
$F2 = pathinfo($ResultFile, PATHINFO_BASENAME);
$F3 = $CloudTmpDir.$F2;
$F4 = pathinfo($ResultFile, PATHINFO_FILENAME);
$F5 = pathinfo($ResultFile, PATHINFO_EXTENSION);
@symlink($ResultFile, $ResultTmpFile);
$MAKELogFile = file_put_contents($LogFile, 'OP-Act: '."Submitted $ResultFile to $CloudTmpDir on $Time".'.'.PHP_EOL, FILE_APPEND);
$PendingResCount2++;
?><a href='<?php echo($ResultURL); ?>'><?php echo($ResultFile0."\n"); ?></a>
<hr /><?php } } } }
echo('Searched '.$PendingResCount1.' files for "'.$SearchRAW.'" and found '.$PendingResCount2.' results on '.$Time.'.');
$MAKELogFile = file_put_contents($LogFile, 'OP-ACT, Searched '.$PendingResCount1.' files for "'.$SearchRAW.'" and found '.$PendingResCount2.' results on '.$Time.'.'.PHP_EOL, FILE_APPEND); }
search($_POST['search'], $searchDir); ?>
<br>
<div align="center"><a href="#" onclick="goBack();">&#8592; Go Back</a></div>
<hr />
<?php
<hr /><?php
// / Free un-needed memory.
$_POST['search'] = $txt = $MAKELogFile = $SearchRAW = $PendingResCount1 = $PendingResCount2 = $ResultFiles = $SearchLower = $ResultFile = $ResultFile0 = $ResultTmpFile
= $ResultURL = $F2 = $F3 = $F4 = $F5 = $F6 = $Result = $iterator = $item = null;
unset($_POST['search'], $txt, $MAKELogFile, $SearchRAW, $PendingResCount1, $PendingResCount2, $ResultFiles, $SearchLower, $ResultFile, $ResultFile0, $ResultTmpFile,
$ResultURL, $F2, $F3, $F4, $F5, $F6, $Result, $iterator, $item); }
$ResultURL, $F2, $F3, $F4, $F5, $F6, $Result, $iterator, $item); }
// / -----------------------------------------------------------------------------------
// / -----------------------------------------------------------------------------------
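Review bot: Inside the new `search()` function, `$F3`, `$ILPerms`, `$ResultTmpFile` and (for non-directory hits) `$ResultURL` are never assigned in function scope and are absent from the `global` list on the function's first line, so they are null there: `@mkdir($F3, $ILPerms)` fails silently, `$F6 = $F3.DIRECTORY_SEPARATOR.$iterator->getSubPathName()` collapses to a path starting at the filesystem root (so the recursive copy would write outside `$CloudTmpDir` if the process has rights there), `@copy($ResultFile, $ResultTmpFile)` never copies, and file results are rendered with an empty href — all of it hidden by the `@` suppression. Build the temp target inside the function, e.g. `$ResultTmpFile = $F3 = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', $CloudTmpDir.$ResultFile0)));` right after `$ResultFile` is built, add `$ILPerms` to the `global` line, and set `$ResultURL = 'DATA/'.$UserID.$UserDirPOST.$ResultFile0;` in the `!is_dir` branch. Separately, `preg_match("/$SearchLower/", $Result)` still interpolates the user's keyword as a regular expression: the stripped character set leaves `.`, `(`, `)`, `|`, `+`, `?` and `^` intact, so an unbalanced parenthesis in the keyword makes `preg_match` return false with a warning and every entry is skipped, and the engine cost is unbounded by the input; a plain `strpos($Result, $SearchLower) !== false` (the comparison the nearby removed lines appear to have used) or `preg_quote($SearchLower, '/')` avoids both. The `if (preg_match(...))` immediately after the negated test is redundant and can be dropped.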
@@ -2,7 +2,7 @@
/*
HRCLOUD2 VERSION INFORMATION
THIS VERSION : v3.1.4
THIS VERSION : v3.1.5
WRITTEN ON : 4/3/2019
*/
@@ -1,4 +1,4 @@
<?php
// / This file contains the current HRCloud2 version for auto-update purposes.
// /
$Version = 'v3.1.4';
$Version = 'v3.1.5';
