Implemented Basic Input Validation
This commit is contained in:
parent
69b481d06d
commit
f73f34e775
3 changed files with 61 additions and 8 deletions
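--- a/index.php
+++ b/index.php
@@ -26,7 +26,19 @@ $gslice = $_GET['gs'] ?? $conf['defslice'];
 $dir = $_GET['d'] ?? $conf['defdir'];
 $sort = $_GET['so'] ?? 1;
 
+// Input Validation and Sanitazion
+$page = Helpers::validate_int($page, 1, PHP_INT_MAX) ? $page : $conf['defpage'];
+$slice = Helpers::validate_int($slice, 1, 100) ? $slice : $conf['defslice'];
+$gslice = Helpers::validate_int($gslice, 1, 100) ? $gslice : $conf['defslice'];
+$sort = Helpers::validate_int($sort, 0, 1) ? $sort : $conf['defslice'];
+
+// Set Some Variables
+$host = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
+$proto = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ? $_SERVER['HTTP_X_FORWARDED_PROTO'] : $_SERVER['REQUEST_SCHEME'];
+$secure = ($proto == 'https');
+
 // Create or Load Session
+session_set_cookie_params([ 'lifetime' => 3600, 'path' => '/', 'domain' => $host, 'secure' => $secure, 'httponly' => true, 'samesite' => 'lax' ]);
 session_start();
 
 // Initialize Thumbnail Handler
@@ -46,7 +58,9 @@ if (isset($_SESSION[$cdir])
 } else {
 $r_imagedir = realpath($imagedir.$dir);
 if ($r_imagedir === false || strpos(Helpers::end_dir($r_imagedir), $r_basedir.DIRECTORY_SEPARATOR) !== 0) {
-print "Path Traversal Detected!";
+$data['script'] = $_SERVER['PHP_SELF'];
+$data['errormsg'] = 'A Path Traversal was Detected';
+Template::view('tpl/error.html', $data);
 exit();
 }
 $tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR);
@@ -69,13 +83,20 @@ if (isset($_SESSION[$cdir])
 $filter='';
 if (isset($_GET['f'])) {
 if ($_GET['f'] != '') {
-$tr = array('(' => '\(', ')' => '\)');
-$f = strtr($_GET['f'], $tr);
-if (!empty($files))
-$files = array_values(preg_grep('/.*'.$f.'.*/i', $files));
-if (!empty($dirs))
-$dirs = array_values(preg_grep('/.*'.$f.'.*/i', $dirs));
-$filter='&f='.$_GET['f'];
+if (Helpers::validate_search($_GET['f'])) {
+$tr = array('(' => '\(', ')' => '\)');
+$f = strtr($_GET['f'], $tr);
+if (!empty($files))
+$files = array_values(preg_grep('/.*'.$f.'.*/i', $files));
+if (!empty($dirs))
+$dirs = array_values(preg_grep('/.*'.$f.'.*/i', $dirs));
+$filter='&f='.$_GET['f'];
+} else {
+$data['script'] = $_SERVER['PHP_SELF'];
+$data['errormsg'] = 'An Invalid Search String was detected';
+Template::view('tpl/error.html', $data);
+exit();
+}
 }
 }
 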
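Review bot: The fallback on the `$sort` line of the first hunk is the slice default rather than a sort default, so `$sort = Helpers::validate_int($sort, 0, 1) ? $sort : $conf['defslice'];` hands the script a value outside the 0..1 range it just validated against whenever validation fails; it should read `$sort = Helpers::validate_int($sort, 0, 1) ? $sort : 1;` (or a dedicated `$conf['defsort']`). The same hunk derives the session cookie's `domain` and `secure` attributes from `HTTP_X_FORWARDED_HOST` and `HTTP_X_FORWARDED_PROTO`, which are ordinary request headers unless a proxy in front of the app overwrites them, so without that guarantee the client decides both attributes; either honour them only when `REMOTE_ADDR` is a configured proxy, or fall back to `HTTP_HOST`/`REQUEST_SCHEME` and state the proxy assumption in a comment above `$host`. In the third hunk `$tr` still escapes only parentheses while `Helpers::validate_search` admits `.`, `*` and `?`, so `$f` remains a regular expression inside `preg_grep('/.*'.$f.'.*/i', ...)`; an input such as a lone `*` makes the pattern fail to compile, `preg_grep` then returns `false` and `array_values(false)` is a TypeError on PHP 8, which `$f = preg_quote($_GET['f'], '/');` avoids (map `*`/`?` to `.*`/`.` after quoting if wildcards are intended). In the second and third hunks `$data['script'] = $_SERVER['PHP_SELF'];` feeds the error page's link, and `PHP_SELF` includes any PATH_INFO appended to the request URL, so unless `Template::view` escapes `$script` the safer source is `$_SERVER['SCRIPT_NAME']`.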
|
@ -11,6 +11,26 @@ class Helpers {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if a Variable is an Integer and in the defined Range
|
||||||
|
public static function validate_int($int, $min, $max) {
|
||||||
|
if (is_string($int) && !ctype_digit($int)) {
|
||||||
|
return false; // contains non digit characters
|
||||||
|
}
|
||||||
|
if (!is_int((int) $int)) {
|
||||||
|
return false; // other non-integer value or exceeds PHP_MAX_INT
|
||||||
|
}
|
||||||
|
return ($int >= $min && $int <= $max);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check Search String for Valid Characters
|
||||||
|
public static function validate_search($search) {
|
||||||
|
if (!preg_match("#^[a-zA-Z0-9äöüÄÖÜ _\-\.\*\?]+$#", $search)) {
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
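Review bot: The second check in `validate_int` can never fail: `(int) $int` always produces an int, so `is_int((int) $int)` is true for every input and the "exceeds PHP_MAX_INT" case described in the comment is not enforced (an overflowing digit string saturates silently and then passes the range test only because `$max` bounds it). Replacing the body with `return filter_var($int, FILTER_VALIDATE_INT, ['options' => ['min_range' => $min, 'max_range' => $max]]) !== false;` covers ints, digit strings, array input, overflow and the range in one call while keeping the boolean contract. In `validate_search` the pattern carries no `u` modifier, so the umlauts in the class are matched byte by byte rather than as characters, and `$` also accepts a single trailing newline; `#^[a-zA-Z0-9äöüÄÖÜ _\-.*?]+\z#u` states the intended contract, and the `if`/`else` that returns `true`/`false` reduces to `return (bool) preg_match(...)`. The `class Helpers` header and the file header of this section lie outside the hunk.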
|
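--- /dev/null
+++ b/tpl/error.html
@@ -0,0 +1,12 @@
+{% extends tpl/layout.html %}
+
+{% block title %}An Error Occured{% endblock %}
+
+{% block content %}
+
+<div class="container">
+<p class="error">{{ $errormsg }}</p>
+<p class="error">Return to <a href="{{ $script }}">Homepage</a></p>
+</div>
+
+{% endblock %}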