Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Call fs_is_directorycomponent() and fs_is_hidden_file() instead of checking manually. Also: Path traversal in Media Manager fixed.

Browse Source
This commit is contained in:
azett 2022-06-24 21:42:48 +02:00
parent 28b7066d82
commit c662bc3590
5 changed files with 257 additions and 230 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fp-includes/core/core.filesystem.php
View File

@ -286,7 +286,7 @@ function fs_copy($source, $dest) {
* @return boolean <code>true</code> if the file is a directory component; otherwise <code>false</code> * @return boolean <code>true</code> if the file is a directory component; otherwise <code>false</code>
*/ */
function fs_is_directorycomponent($filename) { function fs_is_directorycomponent($filename) {
return strlen($filename) > 0 && ($filename === '.' || $filename === '..'); return $filename === '.' || $filename === '..';
} }
/** /**

2
fp-includes/core/core.theme.php
View File

@ -120,7 +120,7 @@ function theme_list() {
$dh = opendir($dir); $dh = opendir($dir);
$i = 0; $i = 0;
while (false !== ($filename = readdir($dh))) { while (false !== ($filename = readdir($dh))) {
if (($filename != '.') && ($filename != '..')) { if (!fs_is_directorycomponent($filename)) {
$files [$i++] = $filename; $files [$i++] = $filename;
} }
} }

90
fp-includes/smarty/internals/core.rm_auto.php
View File

@ -1,6 +1,8 @@
<?php <?php
/** /**
* Smarty plugin * Smarty plugin
*
* @package Smarty * @package Smarty
* @subpackage plugins * @subpackage plugins
*/ */
@ -16,54 +18,52 @@
*/ */
// $auto_base, $auto_source = null, $auto_id = null, $exp_time = null // $auto_base, $auto_source = null, $auto_id = null, $exp_time = null
function smarty_core_rm_auto($params, &$smarty) {
if (!@is_dir($params ['auto_base']))
return false;
function smarty_core_rm_auto($params, &$smarty) if (!isset($params ['auto_id']) && !isset($params ['auto_source'])) {
{ $_params = array(
if (!@is_dir($params['auto_base'])) 'dirname' => $params ['auto_base'],
return false; 'level' => 0,
'exp_time' => $params ['exp_time']
);
require_once (SMARTY_CORE_DIR . 'core.rmdir.php');
$_res = smarty_core_rmdir($_params, $smarty);
} else {
$_tname = $smarty->_get_auto_filename($params ['auto_base'], $params ['auto_source'], $params ['auto_id']);
if(!isset($params['auto_id']) && !isset($params['auto_source'])) { if (isset($params ['auto_source'])) {
$_params = array( if (isset($params ['extensions'])) {
'dirname' => $params['auto_base'], $_res = false;
'level' => 0, foreach ((array) $params ['extensions'] as $_extension)
'exp_time' => $params['exp_time'] $_res |= $smarty->_unlink($_tname . $_extension, $params ['exp_time']);
); } else {
require_once(SMARTY_CORE_DIR . 'core.rmdir.php'); $_res = $smarty->_unlink($_tname, $params ['exp_time']);
$_res = smarty_core_rmdir($_params, $smarty); }
} else { } elseif ($smarty->use_sub_dirs) {
$_tname = $smarty->_get_auto_filename($params['auto_base'], $params['auto_source'], $params['auto_id']); $_params = array(
'dirname' => $_tname,
'level' => 1,
'exp_time' => $params ['exp_time']
);
require_once (SMARTY_CORE_DIR . 'core.rmdir.php');
$_res = smarty_core_rmdir($_params, $smarty);
} else {
// remove matching file names
$_handle = opendir($params ['auto_base']);
$_res = true;
while (false !== ($_filename = readdir($_handle))) {
if (fs_is_directorycomponent($_filename)) {
continue;
} elseif (substr($params ['auto_base'] . DIRECTORY_SEPARATOR . $_filename, 0, strlen($_tname)) == $_tname) {
$_res &= (bool) $smarty->_unlink($params ['auto_base'] . DIRECTORY_SEPARATOR . $_filename, $params ['exp_time']);
}
}
}
}
if(isset($params['auto_source'])) { return $_res;
if (isset($params['extensions'])) {
$_res = false;
foreach ((array)$params['extensions'] as $_extension)
$_res |= $smarty->_unlink($_tname.$_extension, $params['exp_time']);
} else {
$_res = $smarty->_unlink($_tname, $params['exp_time']);
}
} elseif ($smarty->use_sub_dirs) {
$_params = array(
'dirname' => $_tname,
'level' => 1,
'exp_time' => $params['exp_time']
);
require_once(SMARTY_CORE_DIR . 'core.rmdir.php');
$_res = smarty_core_rmdir($_params, $smarty);
} else {
// remove matching file names
$_handle = opendir($params['auto_base']);
$_res = true;
while (false !== ($_filename = readdir($_handle))) {
if($_filename == '.' || $_filename == '..') {
continue;
} elseif (substr($params['auto_base'] . DIRECTORY_SEPARATOR . $_filename, 0, strlen($_tname)) == $_tname) {
$_res &= (bool)$smarty->_unlink($params['auto_base'] . DIRECTORY_SEPARATOR . $_filename, $params['exp_time']);
}
}
}
}
return $_res;
} }
/* vim: set expandtab: */ /* vim: set expandtab: */

60
fp-includes/smarty/internals/core.rmdir.php
View File

@ -1,6 +1,8 @@
<?php <?php
/** /**
* Smarty plugin * Smarty plugin
*
* @package Smarty * @package Smarty
* @subpackage plugins * @subpackage plugins
*/ */
@ -15,38 +17,38 @@
* @return boolean * @return boolean
*/ */
// $dirname, $level = 1, $exp_time = null // $dirname, $level = 1, $exp_time = null
function smarty_core_rmdir($params, &$smarty) {
if (!isset($params ['level'])) {
$params ['level'] = 1;
}
if (!isset($params ['exp_time'])) {
$params ['exp_time'] = null;
}
function smarty_core_rmdir($params, &$smarty) if ($_handle = @opendir($params ['dirname'])) {
{
if(!isset($params['level'])) { $params['level'] = 1; }
if(!isset($params['exp_time'])) { $params['exp_time'] = null; }
if($_handle = @opendir($params['dirname'])) { while (false !== ($_entry = readdir($_handle))) {
if (!fs_is_directorycomponent($_entry)) {
while (false !== ($_entry = readdir($_handle))) { if (@is_dir($params ['dirname'] . DIRECTORY_SEPARATOR . $_entry)) {
if ($_entry != '.' && $_entry != '..') { $_params = array(
if (@is_dir($params['dirname'] . DIRECTORY_SEPARATOR . $_entry)) { 'dirname' => $params ['dirname'] . DIRECTORY_SEPARATOR . $_entry,
$_params = array( 'level' => $params ['level'] + 1,
'dirname' => $params['dirname'] . DIRECTORY_SEPARATOR . $_entry, 'exp_time' => $params ['exp_time']
'level' => $params['level'] + 1, );
'exp_time' => $params['exp_time'] smarty_core_rmdir($_params, $smarty);
); } else {
smarty_core_rmdir($_params, $smarty); $smarty->_unlink($params ['dirname'] . DIRECTORY_SEPARATOR . $_entry, $params ['exp_time']);
} }
else { }
$smarty->_unlink($params['dirname'] . DIRECTORY_SEPARATOR . $_entry, $params['exp_time']); }
} closedir($_handle);
} }
}
closedir($_handle);
}
if ($params['level']) {
return @rmdir($params['dirname']);
}
return (bool)$_handle;
if ($params ['level']) {
return @rmdir($params ['dirname']);
}
return (bool) $_handle;
} }
/* vim: set expandtab: */ /* vim: set expandtab: */

333
fp-plugins/mediamanager/panels/panel.mediamanager.file.php
View File

@ -1,197 +1,225 @@
<?php <?php
class admin_uploader_mediamanager extends AdminPanelAction {
class admin_uploader_mediamanager extends AdminPanelAction {
var $finfo; var $finfo;
var $conf; var $conf;
var $langres = 'plugin:mediamanager'; var $langres = 'plugin:mediamanager';
function cmpfiles($a, $b){ function cmpfiles($a, $b) {
$c = strcmp($a['type'],$b['type']); $c = strcmp($a ['type'], $b ['type']);
if ($c==0){ if ($c == 0) {
return strcmp($a['name'],$b['name']); return strcmp($a ['name'], $b ['name']);
} }
return $c; return $c;
} }
function formatBytes($bytes, $precision = 2) { function formatBytes($bytes, $precision = 2) {
$units = array('B', 'KB', 'MB', 'GB', 'TB'); $units = array(
'B',
'KB',
'MB',
'GB',
'TB'
);
$bytes = max($bytes, 0); $bytes = max($bytes, 0);
$pow = floor(($bytes ? log($bytes) : 0) / log(1024)); $pow = floor(($bytes ? log($bytes) : 0) / log(1024));
$pow = min($pow, count($units) - 1); $pow = min($pow, count($units) - 1);
$bytes /= pow(1024, $pow); $bytes /= pow(1024, $pow);
return round($bytes, $precision) . ' ' . $units[$pow];
}
return round($bytes, $precision) . ' ' . $units [$pow];
}
function getFileInfo($filepath) {
function getFileInfo($filepath){
global $fp_config; global $fp_config;
$info = array( $info = array(
"name"=>basename($filepath), "name" => basename($filepath),
"size"=>$this->formatBytes(filesize($filepath)), "size" => $this->formatBytes(filesize($filepath)),
"mtime"=>date_strformat($fp_config['locale']['dateformatshort'], filemtime($filepath)) "mtime" => date_strformat($fp_config ['locale'] ['dateformatshort'], filemtime($filepath))
); );
if (isset($this->conf['usecount'][basename($filepath)])){ if (isset($this->conf ['usecount'] [basename($filepath)])) {
$info['usecount']=$this->conf['usecount'][basename($filepath)]; $info ['usecount'] = $this->conf ['usecount'] [basename($filepath)];
} else { } else {
$info['usecount'] = null; $info ['usecount'] = null;
} }
return $info; return $info;
} }
function setup() { function setup() {
$this->smarty->assign('admin_resource', "plugin:mediamanager/admin.plugin.mediamanager.files"); $this->smarty->assign('admin_resource', "plugin:mediamanager/admin.plugin.mediamanager.files");
} }
function deleteFolder($folder, $mmbaseurl){ function deleteFolder($folder, $mmbaseurl) {
if (!file_exists($folder)) return false; if (!file_exists($folder))
return false;
$dir = opendir($folder); $dir = opendir($folder);
while (false !== ($file = readdir($dir))) { while (false !== ($file = readdir($dir))) {
if (!in_array($file, array(".",".."))) { if (!fs_is_directorycomponent($file)) {
if (is_dir($folder."/".$file)){ if (is_dir($folder . "/" . $file)) {
$this->deleteFolder($folder."/".$file, $mmbaseurl); $this->deleteFolder($folder . "/" . $file, $mmbaseurl);
} else { } else {
if (!unlink($folder."/".$file)) return false; if (!unlink($folder . "/" . $file))
return false;
} }
} }
} }
return rmdir($folder); return rmdir($folder);
} }
function doItemActions($folder, $mmbaseurl){ function doItemActions($folder, $mmbaseurl) {
/* delete file*/ /* delete file */
if (isset($_GET['deletefile'])){ if (isset($_GET ['deletefile'])) {
list($type, $name) = explode("-", $_GET['deletefile'],2); list ($type, $name) = explode("-", $_GET ['deletefile'], 2);
switch($type){ switch ($type) {
case 'attachs': $type=ABS_PATH.ATTACHS_DIR; break; case 'attachs':
case 'images': $type=ABS_PATH.IMAGES_DIR.$folder; break; $type = ABS_PATH . ATTACHS_DIR;
break;
case 'images':
$type = ABS_PATH . IMAGES_DIR . $folder;
break;
case 'gallery': case 'gallery':
if ( !$this->deleteFolder(ABS_PATH.IMAGES_DIR.$name, $mmbaseurl)) if (!$this->deleteFolder(ABS_PATH . IMAGES_DIR . $name, $mmbaseurl))
@utils_redirect($mmbaseurl.'&status=-1'); @utils_redirect($mmbaseurl . '&status=-1');
@utils_redirect($mmbaseurl.'&status=1'); @utils_redirect($mmbaseurl . '&status=1');
return true; return true;
break; break;
default: { @utils_redirect($mmbaseurl.'&status=-1'); return true; } default:
{
@utils_redirect($mmbaseurl . '&status=-1');
return true;
}
} }
if (!file_exists($type.$name)) { @utils_redirect($mmbaseurl.'&status=-1'); return true; } if (!file_exists($type . $name)) {
if (!unlink($type.$name)) { @utils_redirect($mmbaseurl.'&status=-1'); return true; } @utils_redirect($mmbaseurl . '&status=-1');
@utils_redirect($mmbaseurl.'&status=1'); return true;
}
if (!unlink($type . $name)) {
@utils_redirect($mmbaseurl . '&status=-1');
return true;
}
@utils_redirect($mmbaseurl . '&status=1');
return true; return true;
} }
if (isset($_GET['status'])){ if (isset($_GET ['status'])) {
$this->smarty->assign('success', $_GET['status']); $this->smarty->assign('success', $_GET ['status']);
} }
return false; return false;
} }
function main() { function main() {
$mmbaseurl="admin.php?p=uploader&action=mediamanager"; $mmbaseurl = "admin.php?p=uploader&action=mediamanager";
$folder = ""; $gallery=""; $folder = "";
if (isset($_GET['gallery'])){ $gallery = "";
$mmbaseurl .= "&gallery=".$_GET['gallery']; if (isset($_GET ['gallery']) && !fs_is_directorycomponent($_GET ['gallery'])) {
$gallery = str_replace("/","",$_GET['gallery']); $mmbaseurl .= "&gallery=" . $_GET ['gallery'];
$folder = $gallery."/"; $gallery = str_replace("/", "", $_GET ['gallery']);
$folder = $gallery . "/";
} }
$weburl = plugin_geturl('mediamanager'); $weburl = plugin_geturl('mediamanager');
$this->conf = plugin_getoptions('mediamanager'); $this->conf = plugin_getoptions('mediamanager');
if ($this->doItemActions($folder, $mmbaseurl)) return; if ($this->doItemActions($folder, $mmbaseurl))
return;
$files = array(); $files = array();
$galleries = array(); $galleries = array();
$files_needupdate=array(); $files_needupdate = array();
$galleries_needupdate=array(); $galleries_needupdate = array();
# galleries (alwais from IMAGES_DIR) # galleries (alwais from IMAGES_DIR)
if (file_exists(ABS_PATH.IMAGES_DIR)){ if (file_exists(ABS_PATH . IMAGES_DIR)) {
$dir = opendir(ABS_PATH.IMAGES_DIR); $dir = opendir(ABS_PATH . IMAGES_DIR);
while (false !== ($file = readdir($dir))){ while (false !== ($file = readdir($dir))) {
$fullpath=ABS_PATH.IMAGES_DIR.$file; $fullpath = ABS_PATH . IMAGES_DIR . $file;
if (!in_array($file, array(".","..",".thumbs")) && is_dir($fullpath)) { if (!fs_is_directorycomponent($file) && !fs_is_hidden_file($file) && is_dir($fullpath)) {
$info = $this->getFileInfo($fullpath); $info = $this->getFileInfo($fullpath);
$info['type'] = "gallery"; $info ['type'] = "gallery";
$galleries[$fullpath] = $info; $galleries [$fullpath] = $info;
if (is_null($info['usecount'])) { $galleries_needupdate[]=$fullpath;} if (is_null($info ['usecount'])) {
$galleries_needupdate [] = $fullpath;
}
} }
} }
} }
# attachs (NO attachs in galleries) # attachs (NO attachs in galleries)
if ($folder=="" && file_exists(ABS_PATH.ATTACHS_DIR)){ if ($folder == "" && file_exists(ABS_PATH . ATTACHS_DIR)) {
$dir = opendir(ABS_PATH.ATTACHS_DIR); $dir = opendir(ABS_PATH . ATTACHS_DIR);
while (false !== ($file = readdir($dir))) { while (false !== ($file = readdir($dir))) {
if (!in_array($file, array(".",".."))) { if (!fs_is_directorycomponent($file) && !fs_is_hidden_file($file)) {
$fullpath = ABS_PATH.ATTACHS_DIR.$file; $fullpath = ABS_PATH . ATTACHS_DIR . $file;
$info=$this->getFileInfo($fullpath); $info = $this->getFileInfo($fullpath);
$info['type']="attachs"; $info ['type'] = "attachs";
$info['url']=BLOG_ROOT.ATTACHS_DIR.$file; $info ['url'] = BLOG_ROOT . ATTACHS_DIR . $file;
$files[$fullpath]=$info; $files [$fullpath] = $info;
if (is_null($info['usecount'])) { $files_needupdate[]=$fullpath;} if (is_null($info ['usecount'])) {
$files_needupdate [] = $fullpath;
}
} }
} }
} }
# images # images
if (file_exists(ABS_PATH.IMAGES_DIR.$folder)){ if (file_exists(ABS_PATH . IMAGES_DIR . $folder)) {
$dir = opendir(ABS_PATH.IMAGES_DIR.$folder); $dir = opendir(ABS_PATH . IMAGES_DIR . $folder);
while (false !== ($file = readdir($dir))){ while (false !== ($file = readdir($dir))) {
$fullpath=ABS_PATH.IMAGES_DIR.$folder.$file; $fullpath = ABS_PATH . IMAGES_DIR . $folder . $file;
if (!in_array($file, array(".","..",".thumbs")) && !is_dir($fullpath)) { if (!fs_is_directorycomponent($file) && !fs_is_hidden_file($file) && !is_dir($fullpath)) {
$info=$this->getFileInfo($fullpath); $info = $this->getFileInfo($fullpath);
$info['type']="images"; $info ['type'] = "images";
$info['url']=BLOG_ROOT.IMAGES_DIR.$folder.$file; $info ['url'] = BLOG_ROOT . IMAGES_DIR . $folder . $file;
$files[$fullpath]=$info; $files [$fullpath] = $info;
# NO count for images in galleries # NO count for images in galleries
if ($folder=="" && is_null($info['usecount'])) { $files_needupdate[]=$fullpath; } if ($folder == "" && is_null($info ['usecount'])) {
$files_needupdate [] = $fullpath;
}
} }
} }
} }
mediamanager_updateUseCountArr($files,$files_needupdate); mediamanager_updateUseCountArr($files, $files_needupdate);
mediamanager_updateUseCountArr($galleries,$galleries_needupdate); mediamanager_updateUseCountArr($galleries, $galleries_needupdate);
usort($files, Array("admin_uploader_mediamanager","cmpfiles"));
$totalfilescount = (string) count($files);
#paginator
$pages = ceil((count($files)+count($galleries))/ ITEMSPERPAGE);
if ($pages==0) $pages=1;
if (isset($_GET['page'])){
$page = (int) $_GET['page'];
} else {
$page=1;
}
if ($page<1) $page=1;
if ($page>$pages) $page=$pages;
$pagelist = array();
for($k=1; $k<=$pages; $k++ ) $pagelist[]=$k;
$paginator = array( "total"=>$pages,
"current"=>$page,
"limit" => ITEMSPERPAGE,
"pages" => $pagelist
);
$startfrom = ($page-1)*ITEMSPERPAGE; usort($files, Array(
$galleriesout = count(array_slice($galleries,0, $startfrom)); "admin_uploader_mediamanager",
$dropdowngalleries=$galleries; "cmpfiles"
));
$totalfilescount = (string) count($files);
# paginator
$pages = ceil((count($files) + count($galleries)) / ITEMSPERPAGE);
if ($pages == 0)
$pages = 1;
if (isset($_GET ['page'])) {
$page = (int) $_GET ['page'];
} else {
$page = 1;
}
if ($page < 1)
$page = 1;
if ($page > $pages)
$page = $pages;
$pagelist = array();
for($k = 1; $k <= $pages; $k++)
$pagelist [] = $k;
$paginator = array(
"total" => $pages,
"current" => $page,
"limit" => ITEMSPERPAGE,
"pages" => $pagelist
);
$startfrom = ($page - 1) * ITEMSPERPAGE;
$galleriesout = count(array_slice($galleries, 0, $startfrom));
$dropdowngalleries = $galleries;
$galleries = array_slice($galleries, $startfrom, ITEMSPERPAGE); $galleries = array_slice($galleries, $startfrom, ITEMSPERPAGE);
$files = array_slice($files, $startfrom-$galleriesout, ITEMSPERPAGE- count($galleries)); $files = array_slice($files, $startfrom - $galleriesout, ITEMSPERPAGE - count($galleries));
$this->smarty->assign('paginator', $paginator); $this->smarty->assign('paginator', $paginator);
$this->smarty->assign('files', $files); $this->smarty->assign('files', $files);
@ -202,17 +230,17 @@ class admin_uploader_mediamanager extends AdminPanelAction {
$this->smarty->assign('currentgallery', $gallery); $this->smarty->assign('currentgallery', $gallery);
$this->smarty->assign('totalfilescount', $totalfilescount); $this->smarty->assign('totalfilescount', $totalfilescount);
} }
function onsubmit($data = NULL) { function onsubmit($data = NULL) {
if (isset($_POST['mm-newgallery'])){ if (isset($_POST ['mm-newgallery'])) {
$newgallery=$_POST['mm-newgallery-name']; $newgallery = $_POST ['mm-newgallery-name'];
if ($newgallery==""){ if ($newgallery == "") {
$this->smarty->assign('success', -3); $this->smarty->assign('success', -3);
return 2; return 2;
} }
$newgallery = str_replace("/","", $newgallery); $newgallery = str_replace("/", "", $newgallery);
$newgallery = str_replace(".","", $newgallery); $newgallery = str_replace(".", "", $newgallery);
if (mkdir(ABS_PATH.IMAGES_DIR.$newgallery) ) { if (mkdir(ABS_PATH . IMAGES_DIR . $newgallery)) {
$this->smarty->assign('success', 3); $this->smarty->assign('success', 3);
} else { } else {
$this->smarty->assign('success', -2); $this->smarty->assign('success', -2);
@ -220,28 +248,25 @@ class admin_uploader_mediamanager extends AdminPanelAction {
return 2; return 2;
} }
$folder = ""; $folder = "";
if (isset($_GET['gallery'])){ if (isset($_GET ['gallery'])) {
$mmbaseurl .= "&gallery=".$_GET['gallery']; $mmbaseurl .= "&gallery=" . $_GET ['gallery'];
$folder = str_replace("/","",$_GET['gallery'])."/"; $folder = str_replace("/", "", $_GET ['gallery']) . "/";
}
list ($action, $arg) = explode("-", $_POST ['action'], 2);
if (!isset($_POST ['file']))
return 2;
foreach ($_POST ['file'] as $file => $v) {
list ($type, $name) = explode("-", $file, 2);
if ($action == 'atg' && $type == 'images') {
copy(ABS_PATH . IMAGES_DIR . $folder . $name, ABS_PATH . IMAGES_DIR . $arg . '/' . $name);
$this->smarty->assign('success', 2);
}
} }
list($action,$arg) = explode("-",$_POST['action'],2);
if (!isset($_POST['file'])) return 2;
foreach($_POST['file'] as $file=>$v){
list($type,$name) = explode("-",$file,2);
if ($action=='atg' && $type=='images'){
copy( ABS_PATH.IMAGES_DIR.$folder.$name, ABS_PATH.IMAGES_DIR.$arg.'/'.$name);
$this->smarty->assign('success', 2);
}
}
return 2; return 2;
} }
} }
admin_addpanelaction('uploader', 'mediamanager', true); admin_addpanelaction('uploader', 'mediamanager', true);
?>