N°3248 - code hardening

(cherry picked from commit 6a25933744)
(cherry picked from commit f74c78d61c)

application/transaction.class.inc.php

@@ -233,7 +233,14 @@ class privUITransactionFile
 	 */
 	public static function IsTransactionValid($id, $bRemoveTransaction = true)
 	{
-		$sFilepath = APPROOT.'data/transactions/'.$id;
+		// Constraint the transaction file within APPROOT.'data/transactions'
+		$sTransactionDir = realpath(APPROOT.'data/transactions');
+		$sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir);
+		if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath)))
+		{
+			return false;
+		}
+
 		clearstatcache(true, $sFilepath);
 		$bResult = file_exists($sFilepath);
 		if ($bResult)

application/utils.inc.php

@@ -308,6 +308,7 @@ class utils
 			case 'context_param':
 			case 'parameter':
 			case 'field_name':
+			case 'transaction_id':
 				if (is_array($value))
 				{
 					$retValue = array();
@@ -2086,7 +2087,7 @@ class utils
 	 * @param string $sPath for example '/var/www/html/itop/data/backups/manual/itop_27-2019-10-03_15_35.tar.gz'
 	 * @param string $sBasePath for example '/var/www/html/itop/data/'
 	 *
-	 * @return bool false if path :
+	 * @return bool|string false if path :
 	 *      * invalid
 	 *      * not allowed
 	 *      * not contained in base path