path traversal fix
alcalbg committed May 24, 2022
1 parent beb7d19 commit 6e2b68f
Showing 2 changed files with 26 additions and 0 deletions.
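--- a/backend/Services/Storage/Filesystem.php
+++ b/backend/Services/Storage/Filesystem.php
@@ -241,6 +241,7 @@ private function applyPathPrefix(string $path): string
 ) {
 $path = $this->separator;
 }
+
 return $this->joinPaths($this->getPathPrefix(), $path);
 }
 
@@ -266,6 +267,9 @@ private function addSeparators(string $dir): string
 
 private function joinPaths(string $path1, string $path2): string
 {
+$path1 = $this->escapeDots($path1);
+$path2 = $this->escapeDots($path2);
+
 if (! $path2 || ! trim($path2, $this->separator)) {
 return $this->addSeparators($path1);
 }
@@ -295,4 +299,14 @@ private function getBaseName(string $path): string
 
 return (string) array_pop($tmp);
 }
+
+private function escapeDots(string $path): string
+{
+$path = preg_replace('/\\\+\.{2,}/', '', $path);
+$path = preg_replace('/\.{2,}\\\+/', '', $path);
+$path = preg_replace('/\/+\.{2,}/', '', $path);
+$path = preg_replace('/\.{2,}\/+/', '', $path);
+
+return $path;
+}
 }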
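Review bot: escapeDots() only removes a run of two or more dots when a `/` or `\` sits directly next to it, so a `$path2` that is exactly `..` leaves joinPaths() unchanged and containment then depends on guards in the callers, which are not all visible in this section. Handling that case inside the helper, for example `if (preg_match('/^\.{2,}$/', $path) === 1) { return ''; }` before the final return, would keep the guarantee in one place. Stripping also rewrites legitimate names silently (`a../b` becomes `ab`), so a request can act on a different entry than the one named; rejecting the path, or resolving the joined result and checking that it still starts with the prefix, would fail closed instead. The helper is also applied to `$path1`, which in applyPathPrefix() is the configured prefix, so a prefix that legitimately contains `..` would be altered. None of the four preg_replace() calls checks for the null it returns on a PCRE error, and the name says "escape" although the method deletes; a short docblock stating that it removes dot runs next to separators would help.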
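--- a/tests/backend/Unit/FilesystemTest.php
+++ b/tests/backend/Unit/FilesystemTest.php
@@ -461,6 +461,18 @@ public function testApplyPathPrefix()
 $this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['..']));
 $this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['../']));
 $this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['/sub/../../']));
+$this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['..\\']));
+$this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['..\\\\']));
+$this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['..\\..\\']));
+$this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['\\\\..']));
+$this->assertEquals('/john/', $this->invokeMethod($this->storage, 'applyPathPrefix', ['\\..\\..']));
+$this->assertEquals('/john/\\.', $this->invokeMethod($this->storage, 'applyPathPrefix', ['\\.\\...']));
+$this->assertEquals('/john/\\.', $this->invokeMethod($this->storage, 'applyPathPrefix', ['\\.\\....']));
+$this->assertEquals('/john/.\\.', $this->invokeMethod($this->storage, 'applyPathPrefix', ['.\\.\\...']));
+$this->assertEquals('/john/.', $this->invokeMethod($this->storage, 'applyPathPrefix', ['..\\.\\...']));
+$this->assertEquals('/john/.', $this->invokeMethod($this->storage, 'applyPathPrefix', ['..\\.\\...']));
+$this->assertEquals('/john/.', $this->invokeMethod($this->storage, 'applyPathPrefix', ['..\\.\\......']));
+$this->assertEquals('/john/.\\', $this->invokeMethod($this->storage, 'applyPathPrefix', ['...\\.\\......\\']));
 }
 
 public function testStripPathPrefix()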
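Review bot: The assertion for `'..\\.\\...'` appears twice in a row with the same expected value, so one copy adds no coverage and was probably meant to be a different input. All twelve new cases use backslashes; the three-or-more-dot and repeated-separator variants are not mirrored for `/`, although escapeDots() has separate patterns for that separator, and no case mixes both separators in one path. Every case also goes through applyPathPrefix(), so joinPaths() is never asserted with a second argument that comes from another caller. testApplyPathPrefix() starts above this hunk.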