fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- sanitize field current_directory

Browse Source
This commit is contained in:
Marco Antonio Nina Mena
2017-10-11 13:26:34 -04:00
parent 45c6b0df57
commit c7e8614ada
1 changed files with 2 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
workflow/engine/methods/processes/processes_GetFile.php
View File

@@ -4,7 +4,7 @@ $RBAC->allows(basename(__FILE__), $_GET['MAIN_DIRECTORY']);
$mainDirectory = !empty($_GET['MAIN_DIRECTORY']) ? $_GET['MAIN_DIRECTORY'] : ''; $mainDirectory = !empty($_GET['MAIN_DIRECTORY']) ? $_GET['MAIN_DIRECTORY'] : '';
$proUid = !empty($_GET['PRO_UID']) ? $_GET['PRO_UID'] : ''; $proUid = !empty($_GET['PRO_UID']) ? $_GET['PRO_UID'] : '';
$currentDirectory = !empty($_GET['CURRENT_DIRECTORY']) ? $_GET['CURRENT_DIRECTORY'] . PATH_SEP : ''; $currentDirectory = !empty($_GET['CURRENT_DIRECTORY']) ? realpath($_GET['CURRENT_DIRECTORY']) . PATH_SEP : '';
$file = !empty($_GET['FILE']) ? $_GET['FILE'] : ''; $file = !empty($_GET['FILE']) ? $_GET['FILE'] : '';
$extension = (!empty($_GET['sFilextension']) && $_GET['sFilextension'] === 'javascript') ? '.js' : ''; $extension = (!empty($_GET['sFilextension']) && $_GET['sFilextension'] === 'javascript') ? '.js' : '';
@@ -24,14 +24,7 @@ switch ($mainDirectory) {
break; break;
} }
$directory .= $proUid . PATH_SEP; $directory .= $proUid . PATH_SEP . $currentDirectory;
//Delete return directory because path exists in PATH_DATA_MAILTEMPLATES or PATH_DATA_PUBLIC
foreach (pathinfo($currentDirectory) as $value) {
if ($value !== '..') {
$directory .= $value . PATH_SEP;
}
}
$file .= $extension; $file .= $extension;
if (file_exists($directory . $file)) { if (file_exists($directory . $file)) {