N°3248 - code hardening

This commit is contained in:
Eric
2020-08-18 17:02:46 +02:00
parent 6176af089c
commit f74c78d61c
2 changed files with 11 additions and 2 deletions


@@ -234,7 +234,14 @@ class privUITransactionFile
*/
public static function IsTransactionValid($id, $bRemoveTransaction = true)
{
$sFilepath = APPROOT.'data/transactions/'.$id;
// Constraint the transaction file within APPROOT.'data/transactions'
$sTransactionDir = realpath(APPROOT.'data/transactions');
$sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir);
if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath)))
{
return false;
}
clearstatcache(true, $sFilepath);
$bResult = file_exists($sFilepath);
if ($bResult)
@@ -245,6 +252,7 @@ class privUITransactionFile
if (!$bResult)
{
self::Error('IsTransactionValid: FAILED to remove transaction '.$id);
return false;
}
else
{