Add some sanity check to uploaded file names
ghormann committed Jun 26, 2021
1 parent 244e8ff commit 1142fc2
Showing 3 changed files with 40 additions and 18 deletions.
8 changes: 8 additions & 0 deletions www/api/controllers/files.php
Expand Up @@ -219,6 +219,14 @@ function MoveFile()
}
}

if (! file_exists($uploadDirectory . "/" . $file)) {
$tempFile = sanitizeFilename($file);
if (file_exists($uploadDirectory . "/" . $tempFile)) {
// was sanitized during upload process
$file = $tempFile;
}
}

$status = "OK";

if (file_exists($uploadDirectory . "/" . $file)) {
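Review bot: The fallback lookup uses `$tempFile` without checking that it is non-empty, and `sanitizeFilename` returns `''` for a name containing no ASCII word characters; `file_exists($uploadDirectory . "/")` is then true for the directory itself, so `$file` is silently replaced by an empty name and the rest of MoveFile operates on the upload directory. Guard the fallback with `if ($tempFile !== '' && $tempFile !== $file && file_exists($uploadDirectory . "/" . $tempFile))`. Note also that the raw `$file` is still used unchanged whenever it already exists on disk, so this block only reconciles names that were altered at upload time and is not itself a path restriction; whether `$file` is validated earlier cannot be seen here because MoveFile starts before the hunk.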
45 changes: 29 additions & 16 deletions www/common.php
Expand Up @@ -1824,24 +1824,37 @@ function network_list_interfaces_obj()
}

// Return array of FPP Only systems
function getKnownFPPSystems() {
$backupHosts = Array();
$data = file_get_contents('http://localhost/api/fppd/multiSyncSystems');
$arr = json_decode($data, true);

if (array_key_exists("systems", $arr)) {
foreach ($arr["systems"] as $i) {
// FPP Systems are 0x01 to 0x80
if ($i["typeId"] >= 1 && $i["typeId"] < 128) {
$desc = $i["address"] . " - " . $i["hostname"];
$backupHosts[$desc] = $i["address"];
}
}
ksort($backupHosts);
}
return $backupHosts;
function getKnownFPPSystems()
{
$backupHosts = array();
$data = file_get_contents('http://localhost/api/fppd/multiSyncSystems');
$arr = json_decode($data, true);

if (array_key_exists("systems", $arr)) {
foreach ($arr["systems"] as $i) {
// FPP Systems are 0x01 to 0x80
if ($i["typeId"] >= 1 && $i["typeId"] < 128) {
$desc = $i["address"] . " - " . $i["hostname"];
$backupHosts[$desc] = $i["address"];
}
}
ksort($backupHosts);
}
return $backupHosts;
}

// Removes dangerious characters from file names
// Original idea from https://stackoverflow.com/questions/2021624/string-sanitizer-for-filename
function sanitizeFilename($file)
{
$file = preg_replace("([^\w\s\d\-_~,;\[\]\(\).])", '', $file);
// Replace ".." with "." to provent problems
$file = preg_replace("([\.]{2,})", '.', $file);

return $file;
}



/////////////////////////////////////////////////////////////////////////////

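Review bot: sanitizeFilename can return an empty string or a bare `.` — the first pattern has no `u` modifier, so `\w` is ASCII-only and every non-ASCII byte is stripped, and a name such as `..` collapses to `.` — and either result makes `$uploadDirectory . "/" . $file` in the callers (jqupload.php, files.php) resolve to the upload directory itself. The class also admits `\s`, so tabs and newlines survive into the stored name, while `\d` and `_` are redundant with `\w`, and the parenthesis delimiters on the first pattern are easy to misread as a group. I would add a fallback name for the empty/dot case, replace `\s` with a literal space and use `/` delimiters, as below; the comment typos `dangerious` and `provent` can be fixed at the same time. The reindented getKnownFPPSystems above still passes the raw `json_decode` result to `array_key_exists`, which is a TypeError on PHP 8 when the local API call yields null, but that is pre-existing behavior.
```php
// Removes dangerous characters from file names
// Original idea from https://stackoverflow.com/questions/2021624/string-sanitizer-for-filename
function sanitizeFilename($file)
{
    // Drop any directory part first so only the final component is filtered.
    $file = basename((string) $file);
    // Keep word characters, a plain space and a small punctuation set;
    // \w already covers digits and '_', and tabs/newlines are no longer kept.
    $file = preg_replace('/[^\w \-~,;\[\]().]/', '', $file);
    // Collapse runs of dots so ".." can never survive.
    $file = preg_replace('/\.{2,}/', '.', $file);
    // An empty or "." result would name the upload directory itself.
    if ($file === '' || $file === '.') {
        $file = 'unnamed';
    }

    return $file;
}
```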
5 changes: 3 additions & 2 deletions www/jqupload.php
Expand Up @@ -18,6 +18,7 @@
//////////////////////////////////////////////////////////////////////////////
$skipJSsettings = 1; // need this so config doesn't print out JavaScrip arrays
require_once('config.php');
require_once('common.php');

$output_dir = $uploadDirectory . "/";

Expand All @@ -36,7 +37,7 @@
//If Any browser does not support serializing of multiple files using FormData()
if(!is_array($_FILES["myfile"]["name"])) //single file
{
$fileName = $_FILES["myfile"]["name"];
$fileName = sanitizeFilename($_FILES["myfile"]["name"]);
move_uploaded_file($_FILES["myfile"]["tmp_name"],$output_dir.$fileName);
$ret[]= $fileName;
}
Expand All @@ -45,7 +46,7 @@
$fileCount = count($_FILES["myfile"]["name"]);
for($i=0; $i < $fileCount; $i++)
{
$fileName = $_FILES["myfile"]["name"][$i];
$fileName = sanitizeFilename($_FILES["myfile"]["name"][$i]);
move_uploaded_file($_FILES["myfile"]["tmp_name"][$i],$output_dir.$fileName);
$ret[]= $fileName;
}
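Review bot: The return value of `move_uploaded_file` on the line after each new `sanitizeFilename(...)` call is still ignored, and the sanitized `$fileName` is appended to `$ret` whether or not the move succeeded; since sanitizeFilename yields an empty string for a name with no ASCII word characters, `$output_dir.$fileName` is then the directory itself, the move fails silently and the client is told an empty name was stored. The single-file branch (second hunk) and the multi-file loop (third hunk) have the same shape, so the same guard belongs in both, e.g. `if ($fileName !== '' && move_uploaded_file($_FILES["myfile"]["tmp_name"], $output_dir.$fileName)) { $ret[] = $fileName; }` with the `[$i]` index in the loop. Reporting the sanitized name back in `$ret` is what the files.php fallback relies on, so that part should stay. The enclosing `if`/`else` around these branches continues outside the hunks.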