

author
tuunalai
committed
fix security
1 parent c607267 commit 0aa8f7e


3 files changed

+48
-1
lines changed


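--- a/composer.json
+++ b/composer.json
@@ -36,6 +36,7 @@
 "ext-json": "*",
 "ext-simplexml": "*",
 "ext-mbstring": "*",
+"ext-libxml": "*",
 "guzzlehttp/guzzle": "^6.2.1 || ^7.0",
 "guzzlehttp/guzzle-services": "^1.1",
 "guzzlehttp/psr7": "^1.3.1 || ^2.0"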

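--- a/src/Client.php
+++ b/src/Client.php
@@ -553,10 +553,29 @@ public function upload($bucket, $key, $body, $options = array()) {
 return $rt;
 }
 
+public static function simplifyPath($path) {
+$names = explode("/", $path);
+$stack = array();
+foreach ($names as $name) {
+if ($name == "..") {
+if (!empty($stack)) {
+array_pop($stack);
+}
+} elseif ($name && $name != ".") {
+array_push($stack, $name);
+}
+}
+return "/" . implode("/", $stack);
+}
+
 public function download($bucket, $key, $saveAs, $options = array()) {
 $options['PartSize'] = isset($options['PartSize']) ? $options['PartSize'] : RangeDownload::DEFAULT_PART_SIZE;
 $versionId = isset($options['VersionId']) ? $options['VersionId'] : '';
-
+if ("/" == self::simplifyPath($key)) {
+$e = new Exception\CosException('GET OBEJCT NOT FOUND');
+$e->setExceptionCode('404');
+throw $e;
+}
 $rt = $this->headObject(array(
 'Bucket'=>$bucket,
 'Key'=>$key,
@@ -664,6 +683,12 @@ public function doesObjectExist($bucket, $key, array $options = array())
 }
 
 public static function explodeKey($key) {
+
+if ("/" == self::simplifyPath($key)) {
+$e = new Exception\CosException('GET OBEJCT NOT FOUND');
+$e->setExceptionCode('404');
+throw $e;
+}
 // Remove a leading slash if one is found
 $split_key = explode('/', $key && $key[0] == '/' ? substr($key, 1) : $key);
 // Remove empty element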
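Review bot: `simplifyPath` silently drops any path segment literally named `0`, because `$name && $name != "."` tests truthiness and the string `"0"` is falsy in PHP, so `simplifyPath("a/0/b")` returns `/a/b` and the loose `==`/`!=` on the `..`/`.` checks should be strict too; change the two conditions to `if ($name === '..') {` and `} elseif ($name !== '' && $name !== '.') {`. The root check `"/" == self::simplifyPath($key)` together with the 404 `CosException` is duplicated verbatim in `download` here and in `explodeKey` in the next hunk, so a private static helper (for example `assertKeyNotRoot($key)`) would keep the two in step and give the message typo `OBEJCT` a single place to be fixed. Note that the guard only rejects keys that collapse to the bare root after `.`/`..` normalisation; a key such as `../x` normalises to `/x` and is still forwarded unchanged to `headObject`, which is presumably acceptable for an object key, but a one-line comment above the check stating that it exists only to reject the empty/root key would make that intent explicit. `download` continues beyond the end of the hunk.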

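--- a/src/ResultTransformer.php
+++ b/src/ResultTransformer.php
@@ -86,6 +86,9 @@ public function ciContentInfoTransformer(CommandInterface $command, Result $resu
 $length = intval($result['ContentLength']);
 if($length > 0){
 $content = $this->geCiContentInfo($result, $length);
+if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+libxml_disable_entity_loader(true);
+}
 $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA);
 $xmlData = json_decode(json_encode($obj),true);
 if ($picRuleSize == 1 && isset($xmlData['ProcessResults']['Object'])){
@@ -101,6 +104,9 @@ public function ciContentInfoTransformer(CommandInterface $command, Result $resu
 $length = intval($result['ContentLength']);
 if($length > 0){
 $content = $this->geCiContentInfo($result, $length);
+if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+libxml_disable_entity_loader(true);
+}
 $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA);
 $arr = json_decode(json_encode($obj),true);
 $result['GuetzliStatus'] = isset($arr[0]) ? $arr[0] : '';
@@ -111,6 +117,9 @@ public function ciContentInfoTransformer(CommandInterface $command, Result $resu
 $length = intval($result['ContentLength']);
 if($length > 0){
 $content = $this->geCiContentInfo($result, $length);
+if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+libxml_disable_entity_loader(true);
+}
 $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA);
 $arr = json_decode(json_encode($obj),true);
 $result['CIStatus'] = isset($arr[0]) ? $arr[0] : '';
@@ -122,6 +131,9 @@ public function ciContentInfoTransformer(CommandInterface $command, Result $resu
 $length = intval($result['ContentLength']);
 if($length > 0){
 $content = $this->geCiContentInfo($result, $length);
+if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+libxml_disable_entity_loader(true);
+}
 $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA);
 $arr = json_decode(json_encode($obj),true);
 $result['OriginProtectStatus'] = isset($arr[0]) ? $arr[0] : '';
@@ -133,6 +145,9 @@ public function ciContentInfoTransformer(CommandInterface $command, Result $resu
 $length = intval($result['ContentLength']);
 if($length > 0){
 $content = $this->geCiContentInfo($result, $length);
+if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+libxml_disable_entity_loader(true);
+}
 $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA);
 $arr = json_decode(json_encode($obj),true);
 $result['Hotlink'] = $arr;
@@ -144,6 +159,9 @@ public function ciContentInfoTransformer(CommandInterface $command, Result $resu
 $length = intval($result['ContentLength']);
 if($length > 0){
 $content = $this->geCiContentInfo($result, $length);
+if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+libxml_disable_entity_loader(true);
+}
 $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA);
 $arr = json_decode(json_encode($obj),true);
 $result['TranslationResult'] = isset($arr[0]) ? $arr[0] : '';
@@ -204,6 +222,9 @@ public function ciContentInfoTransformer(CommandInterface $command, Result $resu
 $length = intval($result['ContentLength']);
 if($length > 0){
 $content = $this->geCiContentInfo($result, $length);
+if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+libxml_disable_entity_loader(true);
+}
 $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA);
 $xmlData = json_decode(json_encode($obj),true);
 $result['Response'] = $xmlData;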
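Review bot: `libxml_disable_entity_loader(true)` is a process-wide switch and none of the added blocks restore it, so on PHP < 8 every later XML load in the same process (other SDK code or the host application) loses external entity resolution without any trace; the function returns the previous setting, so capture it and put it back once `simplexml_load_string` has returned. The identical three lines are repeated at all seven hunks of this file, and each is followed by an unchecked `simplexml_load_string`, which returns `false` on malformed input and then flows through `json_encode`/`json_decode` as a bare boolean before the `isset($arr[0])` / `$xmlData['ProcessResults']` reads. A private helper called at each site handles both, and passing `LIBXML_NONET` alongside `LIBXML_NOCDATA` keeps network fetches disabled on PHP 8 too, where `libxml_disable_entity_loader` is deprecated; the exception type in the sketch below is a stdlib one and would presumably be the SDK's own exception class instead. `ciContentInfoTransformer` starts and ends outside the hunks.
```php
// … at each of the seven call sites, replacing the added version guard and the load …
$obj = $this->loadCiXml($content);

/**
 * Parses a CI response body with external entity loading disabled for the
 * duration of the call (previous libxml state restored afterwards) and
 * rejects a body that is not well-formed XML instead of passing `false` on.
 */
private function loadCiXml($content)
{
    $previousLoader = null;
    if (version_compare(PHP_VERSION, '8.0.0', '<')) {
        $previousLoader = libxml_disable_entity_loader(true);
    }
    $previousErrors = libxml_use_internal_errors(true);
    try {
        $obj = simplexml_load_string($content, "SimpleXMLElement", LIBXML_NOCDATA | LIBXML_NONET);
    } finally {
        libxml_use_internal_errors($previousErrors);
        if ($previousLoader !== null) {
            libxml_disable_entity_loader($previousLoader);
        }
    }
    if ($obj === false) {
        throw new \UnexpectedValueException('CI response body is not well-formed XML');
    }
    return $obj;
}
```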
