seiichiro/vsgallery
1
0
Fork 0
Code Pull requests Releases Activity

Prevent Path Traversal

Browse source
This commit is contained in:
seiichiro 2022-01-11 17:02:35 +01:00
parent 1e649ab8af
commit 81ae8f3016
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
index.php
View file

@ -16,6 +16,9 @@ $thumburl = Helpers::end_dir($conf['web_thumbdir']);
$galleryname = $conf['gallery_name']; $galleryname = $conf['gallery_name'];
// Prepare Path Traversal Check
$r_basedir=realpath($imagedir);
// Get Parameters or Set Defaults // Get Parameters or Set Defaults
$page = $_GET['p'] ?? $conf['defpage']; $page = $_GET['p'] ?? $conf['defpage'];
$slice = $_GET['s'] ?? $conf['defslice']; $slice = $_GET['s'] ?? $conf['defslice'];
@ -36,6 +39,12 @@ if (isset($_SESSION['files'])
{ {
$files = $_SESSION['files']; $files = $_SESSION['files'];
} else { } else {
$r_imagedir = realpath($imagedir.$dir);
if ($r_imagedir === false || strcmp($r_imagedir, $r_basedir . DIRECTORY_SEPARATOR) !== 0) {
print "Path Traversal Detected!";
exit();
}
$tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR); $tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR);
if (!empty($tmpdirs)) { if (!empty($tmpdirs)) {
foreach ($tmpdirs as $tmpdir) foreach ($tmpdirs as $tmpdir)