#11786 Check traversal path

miguel angel rasteu 2023-08-24 10:52:53 +02:00
parent 9e747e9952
commit 498a957571
1 changed files with 6 additions and 0 deletions


@ -45,6 +45,12 @@ if ($auth_method !== 'ad' && $auth_method !== 'ldap') {
$hash = get_parameter('hash');
$file_raw = get_parameter('file');
$file_content = file_get_contents($file);
$secure = true;
if (strpos($file_content, '../') !== false || strpos($file_content, '..//') !== false) {
$secure = false;
}
$file = base64_decode(urldecode($file_raw));
// Avoid possible inifite loop with referer.
if (isset($_SERVER['HTTP_ORIGIN']) === false || (isset($_SERVER['HTTP_ORIGIN']) === true && $_SERVER['HTTP_REFERER'] === $_SERVER['HTTP_ORIGIN'].$_SERVER['REQUEST_URI'])) {
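Review bot: The added traversal check inspects the wrong value: `file_get_contents($file)` runs before `$file` is assigned by the `base64_decode(urldecode($file_raw))` line that follows the check, and it searches the file's contents for `../` rather than the requested path. As far as this hunk shows, `$file` is not yet set at that point, so the check cannot see the requested path and `$secure` stays `true`; if `$file` were set earlier, outside the hunk, the file would be opened before any validation. Move the check below the decode and apply it to the decoded path, `$secure = strpos($file, '../') === false;` (the `'..//'` test is redundant, since any string containing it already contains `../`). A substring test still misses absolute paths and `..\` on Windows, so it is safer to also resolve the target with `realpath()` and confirm it stays under the intended base directory. Where `$secure` is enforced lies outside the hunk; confirm it actually gates the file being served.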