From 8bbc68ca75c7098a05dbe3ce52205af873f1442d Mon Sep 17 00:00:00 2001
From: Paolo
Date: Fri, 5 Nov 2021 13:19:44 +0100
Subject: [PATCH] Bufix: in case the file name contains not escaped / then it prints out an error and quit the execution
---
 application/libraries/ExtensionsLib.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/application/libraries/ExtensionsLib.php b/application/libraries/ExtensionsLib.php
index ac74c1a64..39a83931b 100644
--- a/application/libraries/ExtensionsLib.php
+++ b/application/libraries/ExtensionsLib.php
@@ -91,6 +91,13 @@ class ExtensionsLib
 $uploadData = $this->_uploadExtension(); // perform the upload of the file and returns info about it
 }
+ // If the given filename is the upper directory or the current one
+ if (trim($uploadData->fullPath) == '..' || trim($uploadData->fullPath) == '.')
+ {
+ $this->_printFailure('wrong file name: / has to be escaped with %2F');
+ $uploadData = null; // then it is a wrong one!
+ }
+
 if ($uploadData != null) // if no error occurred
 {
 $this->_extractExtension($uploadData->fullPath); // extract the archive of the uploaded extension
@@ -321,6 +328,16 @@ class ExtensionsLib
 $this->_printFailure('provided an invalid archive');
 }
 catch (PharException $pe)
+ {
+ $this->_errorOccurred = true;
+ $this->_printFailure('phar error occurred');
+ }
+ catch (InvalidArgumentException $iae)
+ {
+ $this->_errorOccurred = true;
+ $this->_printFailure('wrong file name');
+ }
+ catch (Exception $e)
 {
 $this->_errorOccurred = true;
 $this->_printFailure('generic error occurred, check logs');
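Review bot: In the first hunk (around new line 94) the added `.`/`..` test reads `$uploadData->fullPath` before the existing `if ($uploadData != null)` guard directly below it, so when the upload step leaves `$uploadData` null, which that guard anticipates, the new condition dereferences null instead of skipping cleanly. Folding the null test in avoids that, e.g. `if ($uploadData != null && in_array(trim($uploadData->fullPath), array('.', '..'), true))`. The comparison also rejects only a value that is exactly `.` or `..`; if `fullPath` is derived from the client-supplied file name, a value that merely contains a `..` segment still passes, so it would be safer to resolve the path and confirm it stays inside the upload directory before `_extractExtension()` runs. How `fullPath` is assembled is outside this hunk, so that second point needs checking against `_uploadExtension()`.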
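Review bot: In the second hunk (around new line 331) none of the three handlers shown records the caught exception: `$pe`, `$iae` and `$e` are unused in the visible lines, so the 'check logs' hint in the last handler only helps if something is logged elsewhere. Keeping the user-facing text generic is right, but the detail should go to the server log in each block, e.g. `error_log('ExtensionsLib: ' . $iae->getMessage());` or the project's own logger. `InvalidArgumentException` is not specific to a bad file name, so the fixed 'wrong file name' message may mislead when another argument check fails inside the try body, which starts outside this hunk. If this runs on PHP 7 or later, `catch (Exception $e)` does not catch `Error` subclasses such as `TypeError`; a final `catch (Throwable $e)` would keep `_errorOccurred` consistent for those too.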