Add new DIRNAME mode for sanitization, same as filenames except that it lets the / pass through.

cdujeu · cdujeu · commit e6afe73d3d58 · 2015-06-16T15:23:29.000+02:00
Use strpos() instead of deprecated ereg() function.
diff --git a/core/src/core/classes/class.AJXP_Utils.php b/core/src/core/classes/class.AJXP_Utils.php
@@ -25,6 +25,7 @@
 define('AJXP_SANITIZE_ALPHANUM', 3);
 define('AJXP_SANITIZE_EMAILCHARS', 4);
 define('AJXP_SANITIZE_FILENAME', 5);
+define('AJXP_SANITIZE_DIRNAME', 6);
 
 // THESE ARE DEFINED IN bootstrap_context.php
 // REPEAT HERE FOR BACKWARD COMPATIBILITY.
@@ -189,7 +190,7 @@ public static function sanitize($s, $level = AJXP_SANITIZE_HTML, $expand = 'scri
             return preg_replace("/[^a-zA-Z0-9_\-\.]/", "", $s);
         } else if ($level == AJXP_SANITIZE_EMAILCHARS) {
             return preg_replace("/[^a-zA-Z0-9_\-\.@!%\+=|~\?]/", "", $s);
-        } else if ($level == AJXP_SANITIZE_FILENAME) {
+        } else if ($level == AJXP_SANITIZE_FILENAME || $level == AJXP_SANITIZE_DIRNAME) {
             // Convert Hexadecimals
             $s = preg_replace_callback('!(&#|\\\)[xX]([0-9a-fA-F]+);?!', array('AJXP_Utils', 'clearHexaCallback'), $s);
             // Clean up entities
@@ -199,9 +200,11 @@ public static function sanitize($s, $level = AJXP_SANITIZE_HTML, $expand = 'scri
             // Strip whitespace characters
             $s = trim($s);
             $s = str_replace(chr(0), "", $s);
-            $s = preg_replace("/[\"\/\|\?\\\]/", "", $s);
+            if($level == AJXP_SANITIZE_FILENAME) $s = preg_replace("/[\"\/\|\?\\\]/", "", $s);
+            else $s = preg_replace("/[\"\|\?\\\]/", "", $s);
             if(self::detectXSS($s)){
-                $s = "XSS Detected - Rename Me";
+                if(strpos($s, "/") === 0) $s = "/XSS Detected - Rename Me";
+                else $s = "XSS Detected - Rename Me";
             }
             return $s;
         }
@@ -337,7 +340,7 @@ public static function parseFileDataErrors($boxData, $throwException=false)
             $errorsArray[UPLOAD_ERR_EXTENSION] = array(410, $mess[542]);
             if ($userfile_error == UPLOAD_ERR_NO_FILE) {
                 // OPERA HACK, do not display "no file found error"
-                if (!ereg('Opera', $_SERVER['HTTP_USER_AGENT'])) {
+                if (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') === false) {
                     $data = $errorsArray[$userfile_error];
                     if($throwException) throw new Exception($data[1], $data[0]);
                     return $data;
diff --git a/core/src/plugins/access.fs/class.fsAccessDriver.php b/core/src/plugins/access.fs/class.fsAccessDriver.php
@@ -233,7 +233,7 @@ public function switchAction($action, $httpVars, $fileVars)
         if(!isSet($this->actions[$action])) return;
         parent::accessPreprocess($action, $httpVars, $fileVars);
         $selection = new UserSelection($this->repository);
-        $dir = $httpVars["dir"] OR "";
+        $dir = AJXP_Utils::sanitize($httpVars["dir"], AJXP_SANITIZE_DIRNAME) OR "";
         if ($this->wrapperClassName == "fsAccessWrapper") {
             $dir = fsAccessWrapper::patchPathForBaseDir($dir);
         }

Original file line number	Diff line number	Diff line change
`@@ -233,7 +233,7 @@ public function switchAction($action, $httpVars, $fileVars)`
`233`	`233`	`if(!isSet($this->actions[$action])) return;`
`234`	`234`	`parent::accessPreprocess($action, $httpVars, $fileVars);`
`235`	`235`	`$selection = new UserSelection($this->repository);`
`236`		`- $dir = $httpVars["dir"] OR "";`
	`236`	`+ $dir = AJXP_Utils::sanitize($httpVars["dir"], AJXP_SANITIZE_DIRNAME) OR "";`
`237`	`237`	`if ($this->wrapperClassName == "fsAccessWrapper") {`
`238`	`238`	`$dir = fsAccessWrapper::patchPathForBaseDir($dir);`
`239`	`239`	`}`