N°2988 Security hardening

Pierre Goiffon
2020-05-07 11:32:56 +02:00
parent 0a3f7d7ef7
commit f8e39877b3
2 changed files with 37 additions and 5 deletions


@@ -2048,4 +2048,33 @@ class utils
{
return ITOP_REVISION === 'svn';
}
/**
* @param string $sPath for example '/var/www/html/itop/data/backups/manual/itop_27-2019-10-03_15_35.tar.gz'
* @param string $sBasePath for example '/var/www/html/itop/data/'
*
* @return bool false if path :
* * invalid
* * not allowed
* * not contained in base path
* Otherwise return the real path (see realpath())
*
* @since 2.6.5 2.7.0 N°2538
*/
final public static function RealPath($sPath, $sBasePath)
{
$sFileRealPath = realpath($sPath);
if ($sFileRealPath === false)
{
return false;
}
$sRealBasePath = realpath($sBasePath); // avoid problems when having '/' on Windows for example
if (!self::StartsWith($sFileRealPath, $sRealBasePath))
{
return false;
}
return $sFileRealPath;
}
}
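Review bot: The containment test in RealPath is a bare string-prefix comparison, so a path under a sibling directory whose name merely begins with the base directory's name would also pass, and a `false` returned by `realpath($sBasePath)` is handed straight to StartsWith instead of being rejected (StartsWith's handling of a non-string needle is outside this hunk). Reject a failed base canonicalisation and compare against the base with a trailing separator: `if ($sRealBasePath === false) { return false; }` followed by `if (($sFileRealPath !== $sRealBasePath) && !self::StartsWith($sFileRealPath, $sRealBasePath.DIRECTORY_SEPARATOR))`. The separator has to be re-appended after `realpath()`, because it strips the trailing slash the caller passes in `APPROOT.'/data/'`. The docblock's `@return bool` is also inaccurate since the success path returns a string; `@return string|false` describes the contract.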


@@ -141,11 +141,14 @@ JS
}
$sToken = utils::ReadParam('token', '', false, 'raw_data');
$sTokenFile = APPROOT.'/data/restore.'.$sToken.'.tok';
if (!is_file($sTokenFile))
$sBasePath = APPROOT.'/data/';
$sTokenFile = $sBasePath.'restore.'.$sToken.'.tok';
$tokenRealPath = utils::RealPath($sTokenFile, $sBasePath);
if (($tokenRealPath === false) || (!is_file($tokenRealPath)))
{
IssueLog::Error("ajax.backup.php operation=$sOperation ERROR = inexisting token $sToken");
DisplayErrorAndDie($oPage, "<p>Error: missing token file: '$sTokenFile'</p>");
$sEscapedToken = utils::HtmlEntities($sToken);
DisplayErrorAndDie($oPage, "<p>Error: missing token file: '$sEscapedToken'</p>");
}
$sEnvironment = utils::ReadParam('environment', 'production', false, 'raw_data');
@@ -158,8 +161,8 @@ JS
set_time_limit(0);
// Get the file and destroy the token (single usage)
$sFile = file_get_contents($sTokenFile);
unlink($sTokenFile);
$sFile = file_get_contents($tokenRealPath);
unlink($tokenRealPath);
// Loading config file : we don't have the MetaModel but we have the current env !
$sConfigFilePath = utils::GetConfigFilePath($sEnvironment);
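Review bot: In the first hunk (`@@ -141`), the `token` parameter is still read as `raw_data` and spliced into a filesystem path on the `$sTokenFile = $sBasePath.'restore.'.$sToken.'.tok';` line before anything checks its shape, so confinement rests entirely on the realpath comparison inside utils::RealPath; the raw value is also written unescaped into the IssueLog line. A format whitelist before building the path makes the check independent of path-canonicalisation details and keeps control characters out of the log, e.g. `if ($sToken === '' || !preg_match('/^[A-Za-z0-9_-]+$/', $sToken)) { DisplayErrorAndDie($oPage, '<p>Error: invalid token</p>'); }` — the character class is a constructed example and should match whatever the token generator actually emits. In the second hunk, `$sFile = file_get_contents($tokenRealPath);` is not checked for `false` before the token file is unlinked and the restore continues; the enclosing block of both hunks starts and ends outside what is shown here.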