MAGETWO-83584: Filesystem write access with path traversal on "static.php"

OlgaVasyltsun · OlgaVasyltsun · commit 4d62e72ceed2 · 2018-03-06T16:35:27.000+02:00
diff --git a/lib/internal/Magento/Framework/App/StaticResource.php b/lib/internal/Magento/Framework/App/StaticResource.php
@@ -165,7 +165,7 @@ protected function parsePath($path)
     {
         $path = ltrim($path, '/');
         $parts = explode('/', $path, 6);
-        if (count($parts) < 5 || mb_strpos($path, '..') !== false) {
+        if (count($parts) < 5 || preg_match('/\.\.(\\\|\/)/', $path)) {
             //Checking that path contains all required parts and is not above static folder.
             throw new \InvalidArgumentException("Requested path '$path' is wrong.");
         }

Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@ protected function parsePath($path)`
`165`	`165`	`{`
`166`	`166`	`$path = ltrim($path, '/');`
`167`	`167`	`$parts = explode('/', $path, 6);`
`168`		`- if (count($parts) < 5 \|\| mb_strpos($path, '..') !== false) {`
	`168`	`+ if (count($parts) < 5 \|\| preg_match('/\.\.(\\\\|\/)/', $path)) {`
`169`	`169`	`//Checking that path contains all required parts and is not above static folder.`
`170`	`170`	`throw new \InvalidArgumentException("Requested path '$path' is wrong.");`
`171`	`171`	`}`