Implemented Basic Input Validation

This commit is contained in:
seiichiro 2022-02-18 10:08:22 +01:00
parent 69b481d06d
commit f73f34e775
3 changed files with 61 additions and 8 deletions


@ -26,7 +26,19 @@ $gslice = $_GET['gs'] ?? $conf['defslice'];
$dir = $_GET['d'] ?? $conf['defdir']; $dir = $_GET['d'] ?? $conf['defdir'];
$sort = $_GET['so'] ?? 1; $sort = $_GET['so'] ?? 1;
// Input Validation and Sanitazion
$page = Helpers::validate_int($page, 1, PHP_INT_MAX) ? $page : $conf['defpage'];
$slice = Helpers::validate_int($slice, 1, 100) ? $slice : $conf['defslice'];
$gslice = Helpers::validate_int($gslice, 1, 100) ? $gslice : $conf['defslice'];
$sort = Helpers::validate_int($sort, 0, 1) ? $sort : $conf['defslice'];
// Set Some Variables
$host = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
$proto = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ? $_SERVER['HTTP_X_FORWARDED_PROTO'] : $_SERVER['REQUEST_SCHEME'];
$secure = ($proto == 'https');
// Create or Load Session // Create or Load Session
session_set_cookie_params([ 'lifetime' => 3600, 'path' => '/', 'domain' => $host, 'secure' => $secure, 'httponly' => true, 'samesite' => 'lax' ]);
session_start(); session_start();
// Initialize Thumbnail Handler // Initialize Thumbnail Handler
@ -46,7 +58,9 @@ if (isset($_SESSION[$cdir])
} else { } else {
$r_imagedir = realpath($imagedir.$dir); $r_imagedir = realpath($imagedir.$dir);
if ($r_imagedir === false || strpos(Helpers::end_dir($r_imagedir), $r_basedir.DIRECTORY_SEPARATOR) !== 0) { if ($r_imagedir === false || strpos(Helpers::end_dir($r_imagedir), $r_basedir.DIRECTORY_SEPARATOR) !== 0) {
print "Path Traversal Detected!"; $data['script'] = $_SERVER['PHP_SELF'];
$data['errormsg'] = 'A Path Traversal was Detected';
Template::view('tpl/error.html', $data);
exit(); exit();
} }
$tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR); $tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*' , GLOB_ONLYDIR);
@ -69,13 +83,20 @@ if (isset($_SESSION[$cdir])
$filter=''; $filter='';
if (isset($_GET['f'])) { if (isset($_GET['f'])) {
if ($_GET['f'] != '') { if ($_GET['f'] != '') {
$tr = array('(' => '\(', ')' => '\)'); if (Helpers::validate_search($_GET['f'])) {
$f = strtr($_GET['f'], $tr); $tr = array('(' => '\(', ')' => '\)');
if (!empty($files)) $f = strtr($_GET['f'], $tr);
$files = array_values(preg_grep('/.*'.$f.'.*/i', $files)); if (!empty($files))
if (!empty($dirs)) $files = array_values(preg_grep('/.*'.$f.'.*/i', $files));
$dirs = array_values(preg_grep('/.*'.$f.'.*/i', $dirs)); if (!empty($dirs))
$filter='&f='.$_GET['f']; $dirs = array_values(preg_grep('/.*'.$f.'.*/i', $dirs));
$filter='&f='.$_GET['f'];
} else {
$data['script'] = $_SERVER['PHP_SELF'];
$data['errormsg'] = 'An Invalid Search String was detected';
Template::view('tpl/error.html', $data);
exit();
}
} }
} }
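Review bot: Lines L20–L21 trust `X-Forwarded-Host` and `X-Forwarded-Proto` from any client, and both values feed `session_set_cookie_params` on L24: a request that sends `X-Forwarded-Proto: http` gets a session cookie without the `Secure` flag, and `X-Forwarded-Host` picks the cookie `domain`. Honour the forwarded headers only when `$_SERVER['REMOTE_ADDR']` is a known proxy, e.g. `$fwd = in_array($_SERVER['REMOTE_ADDR'] ?? '', $conf['trusted_proxies'] ?? [], true);` followed by `$proto = ($fwd && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) ? $_SERVER['HTTP_X_FORWARDED_PROTO'] : (!empty($_SERVER['HTTPS']) ? 'https' : 'http');` (and the same guard for `$host`); `REQUEST_SCHEME` is not populated under every SAPI, so the `HTTPS` fallback is safer. The `trusted_proxies` key is only a suggestion — use whatever the existing config provides for the proxy address. A smaller slip on L18: the fallback for `$sort` is `$conf['defslice']`, apparently copied from the line above, while L13 defaults `$sort` to `1`; an out-of-range `so=` would therefore yield a slice size as sort mode, so the fallback should be `1` (or a dedicated config key). These lines are top-level script statements, not inside a function.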


@ -11,6 +11,26 @@ class Helpers {
} }
} }
// Check if a Variable is an Integer and in the defined Range
public static function validate_int($int, $min, $max) {
if (is_string($int) && !ctype_digit($int)) {
return false; // contains non digit characters
}
if (!is_int((int) $int)) {
return false; // other non-integer value or exceeds PHP_MAX_INT
}
return ($int >= $min && $int <= $max);
}
// Check Search String for Valid Characters
public static function validate_search($search) {
if (!preg_match("#^[a-zA-Z0-9äöüÄÖÜ _\-\.\*\?]+$#", $search)) {
return false;
} else {
return true;
}
}
} }
?> ?>
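Review bot: `validate_search` (L75) accepts more than its comment suggests: without the `D` modifier `$` matches before a trailing newline, and without `u` the umlauts in the character class are matched byte-by-byte, so any sequence of their UTF-8 bytes (0xC3, 0xA4, 0xB6, …) passes, including invalid UTF-8 — and the accepted string is then spliced unquoted into the caller's `preg_grep('/.*'.$f.'.*/i', …)` pattern in the first file. Because `*` and `?` are allowed and become quantifiers there, a search of just `*` yields `.**.*`, which PCRE refuses to compile; `preg_grep` returns `false` and `array_values(false)` is a TypeError on PHP 8. Suggest `return preg_match("#^[a-zA-Z0-9äöüÄÖÜ _\-\.\*\?]+$#uD", $search) === 1;` here and, at the call site, `preg_quote` the input and translate `*`/`?` to `.*`/`.` afterwards instead of passing them through. Separately, in `validate_int` the `is_int((int) $int)` test on L68 is always true (the cast saturates at `PHP_INT_MAX` rather than failing), so the "exceeds PHP_MAX_INT" comment is misleading; `return filter_var($int, FILTER_VALIDATE_INT, ['options' => ['min_range' => $min, 'max_range' => $max]]) !== false;` covers digit, overflow and range checks in one step. The enclosing `class Helpers` begins before this hunk.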

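--- /dev/null
+++ b/tpl/error.html
@@ -0,0 +1,12 @@
+{% extends tpl/layout.html %}
+{% block title %}An Error Occured{% endblock %}
+{% block content %}
+<div class="container">
+<p class="error">{{ $errormsg }}</p>
+<p class="error">Return to <a href="{{ $script }}">Homepage</a></p>
+</div>
+{% endblock %}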
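Review bot: `{{ $script }}` on L94 lands inside an `href` attribute and, at the call sites in the PHP hunks, is filled from `$_SERVER['PHP_SELF']`, which includes any extra path info the client appended to the request URL; unless `Template::view` HTML-escapes `{{ }}` substitutions (not visible in this commit), that is a reflected XSS sink. Prefer `$_SERVER['SCRIPT_NAME']`, which carries no client-supplied path segment, or escape at the call site with `htmlspecialchars($script, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same caveat applies to `{{ $errormsg }}`, although both messages set in this commit are constants. Minor: "Occured" on L90 is a typo for "Occurred".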