Merge remote-tracking branch 'origin/support/2.7' into develop

2026-04-23 02:28:44 +02:00 · 2020-08-18 17:50:39 +02:00
parent 91006351d3 6a25933744
commit c69e83f779
4 changed files with 24 additions and 11 deletions
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -3835,19 +3835,24 @@ EOF
 				break;

 			case 'Image':
+				$value = null;
 				$oImage = utils::ReadPostedDocument("attr_{$sFormPrefix}{$sAttCode}", 'fcontents');
-				$aSize = utils::GetImageSize($oImage->GetData());
-				$oImage = utils::ResizeImageToFit($oImage, $aSize[0], $aSize[1], $oAttDef->Get('storage_max_width'),
-					$oAttDef->Get('storage_max_height'));
+				if (!is_null($oImage->GetData()))
+				{
+					$aSize = utils::GetImageSize($oImage->GetData());
+					$oImage = utils::ResizeImageToFit(
+						$oImage,
+						$aSize[0],
+						$aSize[1],
+						$oAttDef->Get('storage_max_width'),
+						$oAttDef->Get('storage_max_height')
+					);
+				}
 				$aOtherData = utils::ReadPostedParam("attr_{$sFormPrefix}{$sAttCode}", null, 'raw_data');
 				if (is_array($aOtherData))
 				{
 					$value = array('fcontents' => $oImage, 'remove' => $aOtherData['remove']);
 				}
-				else
-				{
-					$value = null;
-				}
 				break;

 			case 'RedundancySetting':
--- a/application/transaction.class.inc.php
+++ b/application/transaction.class.inc.php
@@ -234,7 +234,14 @@ class privUITransactionFile
 	 */
 	public static function IsTransactionValid($id, $bRemoveTransaction = true)
 	{
-		$sFilepath = APPROOT.'data/transactions/'.$id;
+		// Constraint the transaction file within APPROOT.'data/transactions'
+		$sTransactionDir = realpath(APPROOT.'data/transactions');
+		$sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir);
+		if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath)))
+		{
+			return false;
+		}
+
 		clearstatcache(true, $sFilepath);
 		$bResult = file_exists($sFilepath);
 		if ($bResult)
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -309,6 +309,7 @@ class utils
 			case 'context_param':
 			case 'parameter':
 			case 'field_name':
+			case 'transaction_id':
 				if (is_array($value))
 				{
 					$retValue = array();
@@ -2225,7 +2226,7 @@ class utils
 	 * @param string $sPath for example '/var/www/html/itop/data/backups/manual/itop_27-2019-10-03_15_35.tar.gz'
 	 * @param string $sBasePath for example '/var/www/html/itop/data/'
 	 *
-	 * @return bool false if path :
+	 * @return bool|string false if path :
 	 *      * invalid
 	 *      * not allowed
 	 *      * not contained in base path
--- a/core/dbsearch.class.php
+++ b/core/dbsearch.class.php
@@ -631,7 +631,7 @@ abstract class DBSearch
 		}

 		$sOql = $this->ToOql($bDevelopParams, $aContextParams);
-		return json_encode(array($sOql, $aQueryParams, $this->m_aModifierProperties));
+		return urlencode(json_encode(array($sOql, $aQueryParams, $this->m_aModifierProperties)));
 	}

 	/**
@@ -648,7 +648,7 @@ abstract class DBSearch
 	 */
 	static public function unserialize($sValue)
 	{
-		$aData = json_decode($sValue, true);
+		$aData = json_decode(urldecode($sValue), true);
 		if (is_null($aData))
 		{
 			throw new CoreException("Invalid filter parameter");