From fdb800c712b44901bbf0a57c28542be998b7faf7 Mon Sep 17 00:00:00 2001 From: Calvo Date: Fri, 20 Oct 2023 13:43:28 +0200 Subject: [PATCH] Fix upload file function filter by extension. Fix mib uploader only upload .mib file --- .../include/functions_filemanager.php | 61 +++++++++++-------- .../snmpconsole/snmp_mib_uploader.php | 2 +- 2 files changed, 36 insertions(+), 27 deletions(-) diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index aee3d88730..a390ee2c1a 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -128,19 +128,18 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_ $extension = pathinfo($filename, PATHINFO_EXTENSION); $umask = io_safe_output((string) get_parameter('umask')); - $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY)); - $parse_sec2_query = explode('=', $parse_all_queries[1]); - $check_extension = true; - if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') { - if ((strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')) { - $check_extension = false; - } else { - $check_extension = true; - } - } - + // $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY)); + // $parse_sec2_query = explode('=', $parse_all_queries[1]); + // $check_extension = true; + // if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') { + // if ((strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')) { + // $check_extension = false; + // } else { + // $check_extension = true; + // } + // } // (strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip') - if (strpos($real_directory, $default_real_directory) !== 0 || $check_extension === false) { + if (strpos($real_directory, $default_real_directory) !== 0) { // Perform security check to determine whether received upload // directory is part of the default path for caller uploader and // user is not trying to access an external path (avoid @@ -152,12 +151,12 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_ // Copy file to directory and change name. $nombre_archivo = sprintf('%s/%s', $real_directory, $filename); try { - $mimeContentType = mime_content_type($_FILES['file']['tmp_name']); - - if (empty($filterFilesType) === true || in_array($mimeContentType, $filterFilesType) === true) { + $ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION)); + if (empty($filterFilesType) === true || in_array($ext, $filterFilesType) === true) { $result = copy($_FILES['file']['tmp_name'], $nombre_archivo); } else { - $error_message = 'The uploaded file is not allowed. Only gif, png or jpg files can be uploaded.'; + $types_allowed = implode(', ', $filterFilesType); + $error_message = 'The uploaded file is not allowed. Only '.$types_allowed.' files can be uploaded.'; throw new Exception(__($error_message)); } } catch (Exception $ex) { @@ -199,19 +198,29 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_ $filepath = $_FILES['file']['tmp_name']; $real_directory = filemanager_safe_directory($destination_directory); $secure = true; - if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') { - // Security control structure. - $zip = new \ZipArchive; - if ($zip->open($filepath) === true) { - for ($i = 0; $i < $zip->numFiles; $i++) { - $unzip_filename = $zip->getNameIndex($i); - $extension = pathinfo($unzip_filename, PATHINFO_EXTENSION); - if (strtolower($extension) !== 'mib') { - $secure = false; - break; + try { + $ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION)); + if (empty($filterFilesType) === true || in_array($ext, $filterFilesType) === true) { + // Security control structure. + $zip = new \ZipArchive; + if ($zip->open($filepath) === true) { + for ($i = 0; $i < $zip->numFiles; $i++) { + $unzip_filename = $zip->getNameIndex($i); + $extension = pathinfo($unzip_filename, PATHINFO_EXTENSION); + if (in_array(strtolower($extension), $filterFilesType) === false) { + $error_message = 'The uploaded file is not allowed. Only '.$types_allowed.' files can be uploaded.'; + $secure = false; + throw new Exception(__($error_message)); + } } } } + } catch (Exception $ex) { + db_pandora_audit( + AUDIT_LOG_FILE_MANAGER, + 'Error Uploading files: '.$ex->getMessage() + ); + $config['filemanager']['message'] = ui_print_error_message(__('Upload error').': '.$ex->getMessage()); } if (strpos($real_directory, $default_real_directory) !== 0 || $secure === false) { diff --git a/pandora_console/operation/snmpconsole/snmp_mib_uploader.php b/pandora_console/operation/snmpconsole/snmp_mib_uploader.php index 32db1d6b1b..2523e32b13 100644 --- a/pandora_console/operation/snmpconsole/snmp_mib_uploader.php +++ b/pandora_console/operation/snmpconsole/snmp_mib_uploader.php @@ -91,7 +91,7 @@ $create_text_file = (bool) get_parameter('create_text_file'); $default_real_directory = realpath($config['homedir'].'/'.$fallback_directory); if ($upload_file_or_zip === true) { - upload_file($upload_file_or_zip, $default_real_directory, $real_directory); + upload_file($upload_file_or_zip, $default_real_directory, $real_directory, ['mib', 'zip']); } if ($create_text_file === true) {