N°3248 - code hardening

application/transaction.class.inc.php

@@ -234,7 +234,14 @@ class privUITransactionFile
 	 */
 	public static function IsTransactionValid($id, $bRemoveTransaction = true)
 	{
-		$sFilepath = APPROOT.'data/transactions/'.$id;
+		// Constraint the transaction file within APPROOT.'data/transactions'
+		$sTransactionDir = realpath(APPROOT.'data/transactions');
+		$sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir);
+		if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath)))
+		{
+			return false;
+		}
+
 		clearstatcache(true, $sFilepath);
 		$bResult = file_exists($sFilepath);
 		if ($bResult)
@@ -245,6 +252,7 @@ class privUITransactionFile
 				if (!$bResult)
 				{
 					self::Error('IsTransactionValid: FAILED to remove transaction '.$id);
+					return false;
 				}
 				else
 				{

application/utils.inc.php

@@ -307,6 +307,7 @@ class utils
 			case 'context_param':
 			case 'parameter':
 			case 'field_name':
+			case 'transaction_id':
 				if (is_array($value))
 				{
 					$retValue = array();
@@ -2223,7 +2224,7 @@ class utils
 	 * @param string $sPath for example '/var/www/html/itop/data/backups/manual/itop_27-2019-10-03_15_35.tar.gz'
 	 * @param string $sBasePath for example '/var/www/html/itop/data/'
 	 *
-	 * @return bool false if path :
+	 * @return bool|string false if path :
 	 *      * invalid
 	 *      * not allowed
 	 *      * not contained in base path