Prevent Path Traversal
parent
1e649ab8af
commit
81ae8f3016
1 changed files with 9 additions and 0 deletions
|
@ -16,6 +16,9 @@ $thumburl = Helpers::end_dir($conf['web_thumbdir']);
|
||||||
|
|
||||||
$galleryname = $conf['gallery_name'];
|
$galleryname = $conf['gallery_name'];
|
||||||
|
|
||||||
|
// Prepare Path Traversal Check
|
||||||
|
$r_basedir=realpath($imagedir);
|
||||||
|
|
||||||
// Get Parameters or Set Defaults
|
// Get Parameters or Set Defaults
|
||||||
$page = $_GET['p'] ?? $conf['defpage'];
|
$page = $_GET['p'] ?? $conf['defpage'];
|
||||||
$slice = $_GET['s'] ?? $conf['defslice'];
|
$slice = $_GET['s'] ?? $conf['defslice'];
|
||||||
|
@ -36,6 +39,12 @@ if (isset($_SESSION['files'])
|
||||||
{
|
{
|
||||||
$files = $_SESSION['files'];
|
$files = $_SESSION['files'];
|
||||||
} else {
|
} else {
|
||||||
|
$r_imagedir = realpath($imagedir.$dir);
|
||||||
|
|
||||||
|
if ($r_imagedir === false || strcmp($r_imagedir, $r_basedir . DIRECTORY_SEPARATOR) !== 0) {
|
||||||
|
print "Path Traversal Detected!";
|
||||||
|
exit();
|
||||||
|
}
|
||||||
$tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR);
|
$tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR);
|
||||||
if (!empty($tmpdirs)) {
|
if (!empty($tmpdirs)) {
|
||||||
foreach ($tmpdirs as $tmpdir)
|
foreach ($tmpdirs as $tmpdir)
|
||||||
|
|
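Review bot: The guard added in the `else` branch uses `strcmp($r_imagedir, $r_basedir . DIRECTORY_SEPARATOR) !== 0`, which tests for equality rather than containment. Since realpath() normally returns paths without a trailing separator, `$r_imagedir` can never equal the base plus a separator, so every request reaching this branch is reported as traversal, including the gallery root and valid sub-directories. A prefix comparison is needed, for example `if ($r_basedir === false || $r_imagedir === false || ($r_imagedir !== $r_basedir && strncmp($r_imagedir, $r_basedir . DIRECTORY_SEPARATOR, strlen($r_basedir) + 1) !== 0)) {`. The explicit `$r_basedir === false` test matters because the first hunk never checks the result of `realpath($imagedir)`; with a prefix test, a failed lookup would reduce the base to a bare separator and accept any absolute path. The enclosing `if (isset($_SESSION['files'])` condition starts outside the hunk, so it is worth confirming that the cached-listing branch cannot be reached with a different `$dir` that skips this check.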