From 81ae8f30164362834d49606535bc5f81a6f642be Mon Sep 17 00:00:00 2001 From: Stefan Brand Date: Tue, 11 Jan 2022 17:02:35 +0100 Subject: [PATCH] Prevent Path Traversal --- index.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/index.php b/index.php index 905f28d..67d10ff 100644 --- a/index.php +++ b/index.php @@ -16,6 +16,9 @@ $thumburl = Helpers::end_dir($conf['web_thumbdir']); $galleryname = $conf['gallery_name']; +// Prepare Path Traversal Check +$r_basedir=realpath($imagedir); + // Get Parameters or Set Defaults $page = $_GET['p'] ?? $conf['defpage']; $slice = $_GET['s'] ?? $conf['defslice']; @@ -36,6 +39,12 @@ if (isset($_SESSION['files']) { $files = $_SESSION['files']; } else { + $r_imagedir = realpath($imagedir.$dir); + + if ($r_imagedir === false || strcmp($r_imagedir, $r_basedir . DIRECTORY_SEPARATOR) !== 0) { + print "Path Traversal Detected!"; + exit(); + } $tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR); if (!empty($tmpdirs)) { foreach ($tmpdirs as $tmpdir)