tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix upload file function filter by extension. Fix mib uploader only upload .mib file

This commit is contained in:
Calvo 2023-10-20 13:43:28 +02:00
parent dcd891eedb
commit fdb800c712
2 changed files with 36 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
pandora_console/include/functions_filemanager.php
View File

@ -128,19 +128,18 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
$extension = pathinfo($filename, PATHINFO_EXTENSION); $extension = pathinfo($filename, PATHINFO_EXTENSION);
$umask = io_safe_output((string) get_parameter('umask')); $umask = io_safe_output((string) get_parameter('umask'));
$parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY)); // $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY));
$parse_sec2_query = explode('=', $parse_all_queries[1]); // $parse_sec2_query = explode('=', $parse_all_queries[1]);
$check_extension = true; // $check_extension = true;
if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') { // if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') {
if ((strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')) { // if ((strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')) {
$check_extension = false; // $check_extension = false;
} else { // } else {
$check_extension = true; // $check_extension = true;
} // }
} // }
// (strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip') // (strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')
if (strpos($real_directory, $default_real_directory) !== 0 || $check_extension === false) { if (strpos($real_directory, $default_real_directory) !== 0) {
// Perform security check to determine whether received upload // Perform security check to determine whether received upload
// directory is part of the default path for caller uploader and // directory is part of the default path for caller uploader and
// user is not trying to access an external path (avoid // user is not trying to access an external path (avoid
@ -152,12 +151,12 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
// Copy file to directory and change name. // Copy file to directory and change name.
$nombre_archivo = sprintf('%s/%s', $real_directory, $filename); $nombre_archivo = sprintf('%s/%s', $real_directory, $filename);
try { try {
$mimeContentType = mime_content_type($_FILES['file']['tmp_name']); $ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
if (empty($filterFilesType) === true || in_array($ext, $filterFilesType) === true) {
if (empty($filterFilesType) === true || in_array($mimeContentType, $filterFilesType) === true) {
$result = copy($_FILES['file']['tmp_name'], $nombre_archivo); $result = copy($_FILES['file']['tmp_name'], $nombre_archivo);
} else { } else {
$error_message = 'The uploaded file is not allowed. Only gif, png or jpg files can be uploaded.'; $types_allowed = implode(', ', $filterFilesType);
$error_message = 'The uploaded file is not allowed. Only '.$types_allowed.' files can be uploaded.';
throw new Exception(__($error_message)); throw new Exception(__($error_message));
} }
} catch (Exception $ex) { } catch (Exception $ex) {
@ -199,19 +198,29 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
$filepath = $_FILES['file']['tmp_name']; $filepath = $_FILES['file']['tmp_name'];
$real_directory = filemanager_safe_directory($destination_directory); $real_directory = filemanager_safe_directory($destination_directory);
$secure = true; $secure = true;
if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') { try {
// Security control structure. $ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
$zip = new \ZipArchive; if (empty($filterFilesType) === true || in_array($ext, $filterFilesType) === true) {
if ($zip->open($filepath) === true) { // Security control structure.
for ($i = 0; $i < $zip->numFiles; $i++) { $zip = new \ZipArchive;
$unzip_filename = $zip->getNameIndex($i); if ($zip->open($filepath) === true) {
$extension = pathinfo($unzip_filename, PATHINFO_EXTENSION); for ($i = 0; $i < $zip->numFiles; $i++) {
if (strtolower($extension) !== 'mib') { $unzip_filename = $zip->getNameIndex($i);
$secure = false; $extension = pathinfo($unzip_filename, PATHINFO_EXTENSION);
break; if (in_array(strtolower($extension), $filterFilesType) === false) {
$error_message = 'The uploaded file is not allowed. Only '.$types_allowed.' files can be uploaded.';
$secure = false;
throw new Exception(__($error_message));
}
} }
} }
} }
} catch (Exception $ex) {
db_pandora_audit(
AUDIT_LOG_FILE_MANAGER,
'Error Uploading files: '.$ex->getMessage()
);
$config['filemanager']['message'] = ui_print_error_message(__('Upload error').': '.$ex->getMessage());
} }
if (strpos($real_directory, $default_real_directory) !== 0 || $secure === false) { if (strpos($real_directory, $default_real_directory) !== 0 || $secure === false) {

2
pandora_console/operation/snmpconsole/snmp_mib_uploader.php
View File

@ -91,7 +91,7 @@ $create_text_file = (bool) get_parameter('create_text_file');
$default_real_directory = realpath($config['homedir'].'/'.$fallback_directory); $default_real_directory = realpath($config['homedir'].'/'.$fallback_directory);
if ($upload_file_or_zip === true) { if ($upload_file_or_zip === true) {
upload_file($upload_file_or_zip, $default_real_directory, $real_directory); upload_file($upload_file_or_zip, $default_real_directory, $real_directory, ['mib', 'zip']);
} }
if ($create_text_file === true) { if ($create_text_file === true) {