Project

General

Profile

« Previous | Next » 

Revision 1475

Added by Dietmar over 13 years ago

+ add SecureForm.mtab.php under mantennance by WebsiteBaker Community
! security fixes media, groups, users, sections
  1. change lang variable to remove upgrade-script
    ! reworked add sections in pages
    ! fix set empty href in show_menu2
    ! set show_menu2 version to 4.9.6
    ! reworked Droplet LoginBox, add redirect query
    - remove unneeded folder js
    ! set Droplet to version 1.1.0
    + add checkboxes to change frontend absolute url to relative urls
    ! set output_filter version to 0.2

View differences:

rename.php
26 26

  
27 27
// Get the current dir
28 28
$directory = $admin->get_get('dir');
29
if($directory == '/') {
30
	$directory = '';
31
}
29
$directory = ($directory == '/') ?  '' : $directory;
32 30

  
33
// Check to see if it contains ..
31
$dirlink = 'browse.php?dir='.$directory;
32
$rootlink = 'browse.php?dir=';
33
// $file_id = intval($admin->get_get('id'));
34

  
35
// first Check to see if it contains ..
34 36
if (!check_media_path($directory)) {
35
	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], "browse.php?dir=$directory", false);
37
	$admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'],$rootlink, false);
36 38
}
37 39

  
38 40
// Get the temp id
39
$file_id = $admin->checkIDKEY('id', false, 'GET');
41
$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
40 42
if (!$file_id) {
41
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
43
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
42 44
}
43 45

  
44 46
// Get home folder not to show
45 47
$home_folders = get_home_folders();
48
// Check for potentially malicious files and append 'txt' to their name
49
$rename_file_types  = str_replace(',','|',RENAME_FILES_ON_UPLOAD);
50
// hardcodet forbidden filetypes
51
$forbidden_file_types = 'phtml|php5|php4|php|cgi|pl|exe|com|bat|src|'.$rename_file_types;
46 52

  
47 53
// Figure out what folder name the temp id is
48 54
if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
49 55
	// Loop through the files and dirs an add to list
50 56
   while (false !== ($file = readdir($handle))) {
57
		$info = pathinfo($file);
58
		$ext = isset($info['extension']) ? $info['extension'] : '';
51 59
		if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') {
52
			if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
53
				if(!isset($home_folders[$directory.'/'.$file])) {
54
					$DIR[] = $file;
60
			if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
61
				if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
62
					if(!isset($home_folders[$directory.'/'.$file])) {
63
						$DIR[] = $file;
64
					}
65
				} else {
66
					$FILE[] = $file;
55 67
				}
56
			} else {
57
				$FILE[] = $file;
58 68
			}
59 69
		}
60 70
	}
71

  
61 72
	$temp_id = 0;
62 73
	if(isset($DIR)) {
63 74
		sort($DIR);
......
69 80
			}
70 81
		}
71 82
	}
83

  
72 84
	if(isset($FILE)) {
73 85
		sort($FILE);
74 86
		foreach($FILE AS $name) {
......
82 94
}
83 95

  
84 96
if(!isset($rename_file)) {
85
	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], "browse.php?dir=$directory", false);
97
	$admin->print_error($MESSAGE['MEDIA']['FILE_NOT_FOUND'], $dirlink, false);
86 98
}
87 99

  
88 100
// Setup template object
......
109 121
					'FILENAME' => $rename_file,
110 122
					'DIR' => $directory,
111 123
					'FILE_ID' => $admin->getIDKEY($file_id),
124
					// 'FILE_ID' => $file_id,
112 125
					'TYPE' => $type,
113 126
					'EXTENSION' => $extension,
114 127
					'FTAN' => $admin->getFTAN()

Also available in: Unified diff