From 48c920f848b905f5a3fc0d7590b13f01d105c507 Mon Sep 17 00:00:00 2001
From: Stephen Abello
Date: Wed, 9 Jan 2019 11:02:21 +0100
Subject: [PATCH 1/2] =?UTF-8?q?N=C2=B01934:=20Security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 setup/phpcheck.php | 2 ++
 setup/phpinfo.php | 6 ++++++
 2 files changed, 8 insertions(+)
 create mode 100644 setup/phpcheck.php
diff --git a/setup/phpcheck.php b/setup/phpcheck.php
new file mode 100644
index 0000000000..34f5ccf580
--- /dev/null
+++ b/setup/phpcheck.php
@@ -0,0 +1,2 @@
+PHP works!';
\ No newline at end of file
diff --git a/setup/phpinfo.php b/setup/phpinfo.php
index cf6086080a..4590b291ef 100644
--- a/setup/phpinfo.php
+++ b/setup/phpinfo.php
@@ -1,3 +1,9 @@
From 0bce9c78ea6e8928cb9da1bf1ae138f27f8f167e Mon Sep 17 00:00:00 2001
From: Stephen Abello
Date: Wed, 9 Jan 2019 14:23:15 +0100
Subject: [PATCH 2/2] =?UTF-8?q?N=C2=B01935:=20Security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 datamodels/2.x/itop-backup/ajax.backup.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/datamodels/2.x/itop-backup/ajax.backup.php b/datamodels/2.x/itop-backup/ajax.backup.php
index 97b4859ed2..c228294fc8 100644
--- a/datamodels/2.x/itop-backup/ajax.backup.php
+++ b/datamodels/2.x/itop-backup/ajax.backup.php
@@ -184,7 +184,15 @@ EOF
 $sFile = utils::ReadParam('file', '', false, 'raw_data');
 $oBackup = new DBBackupScheduled();
 $sBackupDir = APPROOT.'data/backups/';
- $oBackup->DownloadBackup($sBackupDir.$sFile);
+ $sPathNoDotDotPattern = '/^((?!\/\.\.\/).)*$/';
+ if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) == 1)
+ {
+ $oBackup->DownloadBackup($sBackupDir.$sFile);
+ }
+ else
+ {
+ throw new InvalidParameterException('Invalid file path');
+ }
 break;
 }
 }
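Review bot: The allow-pattern `/^((?!\/\.\.\/).)*$/` on the new `if` in ajax.backup.php only rejects a literal `/../` sequence, so a `file` value whose last segment is a bare `..`, or one whose segments are separated by backslashes on a Windows host, still passes the check and reaches DownloadBackup(); whether DownloadBackup() re-validates the path itself is not visible in this hunk. A check anchored on the resolved path is more robust: realpath() both `$sBackupDir` and `$sBackupDir.$sFile` and require the target to be a regular file whose resolved path starts with the resolved backup directory plus a separator, throwing the same InvalidParameterException otherwise (sketched below). If backups are only ever stored flat in that directory, the simpler rule of rejecting any `$sFile` that differs from its own basename() would also do. Either way, compare with `=== 1`, since preg_match() returns false on a PCRE error and the loose `== 1` hides that distinction (it still fails closed, but the intent is clearer). The enclosing switch and function start before this hunk.
```php
	$sBackupDir = APPROOT.'data/backups/';
	// Decide on the resolved path rather than the raw parameter: this also covers
	// a trailing '..' without a slash and backslash-separated segments.
	$sRealBackupDir = realpath($sBackupDir);
	$sRealFile = realpath($sBackupDir.$sFile);
	if ($sRealBackupDir !== false && $sRealFile !== false
		&& strpos($sRealFile, $sRealBackupDir.DIRECTORY_SEPARATOR) === 0
		&& is_file($sRealFile))
	{
		$oBackup->DownloadBackup($sBackupDir.$sFile);
	}
	else
	{
		throw new InvalidParameterException('Invalid file path');
	}
	// … unchanged: break …
```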