N°1935: Security hardening

2026-04-19 00:28:47 +02:00 · 2019-01-09 14:23:15 +01:00
parent 48c920f848
commit 0bce9c78ea
1 changed files with 9 additions and 1 deletions
--- a/datamodels/2.x/itop-backup/ajax.backup.php
+++ b/datamodels/2.x/itop-backup/ajax.backup.php
@@ -184,7 +184,15 @@ EOF
 			$sFile = utils::ReadParam('file', '', false, 'raw_data');
 			$oBackup = new DBBackupScheduled();
 			$sBackupDir = APPROOT.'data/backups/';
-			$oBackup->DownloadBackup($sBackupDir.$sFile);
+			$sPathNoDotDotPattern = '/^((?!\/\.\.\/).)*$/';
+			if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) == 1)
+			{
+				$oBackup->DownloadBackup($sBackupDir.$sFile);
+			}
+			else
+			{
+				throw new InvalidParameterException('Invalid file path');
+			}
 			break;
 	}
 }