tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-30 17:25:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

#11786 Fix get_file

Browse Source
This commit is contained in:
miguel angel rasteu 2023-08-28 14:44:22 +02:00
parent 3b6e947422
commit 94dc07e4ca
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pandora_console/include/get_file.php
View File

@ -46,10 +46,14 @@ $hash = get_parameter('hash');
$file_raw = get_parameter('file'); $file_raw = get_parameter('file');
$file = base64_decode(urldecode($file_raw)); $file = base64_decode(urldecode($file_raw));
$secure_extension = true;
$extension = pathinfo($file, PATHINFO_EXTENSION);
if ($extension === 'php' || $extension === 'js') {
$secure_extension = false;
}
$parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY)); $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY));
$parse_sec2_query = explode('=', $parse_all_queries[1]); $parse_sec2_query = explode('=', $parse_all_queries[1]);
$dirname = dirname($file); $dirname = dirname($file);
$path_traversal = strpos($file, '../'); $path_traversal = strpos($file, '../');
@ -62,7 +66,7 @@ if (isset($_SERVER['HTTP_ORIGIN']) === false || (isset($_SERVER['HTTP_ORIGIN'])
} }
if (empty($file) === true || empty($hash) === true || $hash !== md5($file_raw.$config['server_unique_identifier']) if (empty($file) === true || empty($hash) === true || $hash !== md5($file_raw.$config['server_unique_identifier'])
|| isset($_SERVER['HTTP_REFERER']) === false || $path_traversal !== false || isset($_SERVER['HTTP_REFERER']) === false || $path_traversal !== false || $secure_extension === false
) { ) {
$errorMessage = __('Security error. Please contact the administrator.'); $errorMessage = __('Security error. Please contact the administrator.');
} else { } else {
@ -100,9 +104,6 @@ if (empty($file) === true || empty($hash) === true || $hash !== md5($file_raw.$c
$downloadable_file = ''; $downloadable_file = '';
break; break;
} }
} else {
// Wrong action.
$downloadable_file = '';
} }
if (empty($downloadable_file) === true || file_exists($downloadable_file) === false) { if (empty($downloadable_file) === true || file_exists($downloadable_file) === false) {