composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-20 15:52:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°2988 Security hardening

Browse Source
This commit is contained in:
Pierre Goiffon
2020-05-07 11:32:56 +02:00
parent 0a3f7d7ef7
commit f8e39877b3
2 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
application/utils.inc.php
View File

@@ -2048,4 +2048,33 @@ class utils
{ {
return ITOP_REVISION === 'svn'; return ITOP_REVISION === 'svn';
} }
/**
* @param string $sPath for example '/var/www/html/itop/data/backups/manual/itop_27-2019-10-03_15_35.tar.gz'
* @param string $sBasePath for example '/var/www/html/itop/data/'
*
* @return bool false if path :
* * invalid
* * not allowed
* * not contained in base path
* Otherwise return the real path (see realpath())
*
* @since 2.6.5 2.7.0 N°2538
*/
final public static function RealPath($sPath, $sBasePath)
{
$sFileRealPath = realpath($sPath);
if ($sFileRealPath === false)
{
return false;
}
$sRealBasePath = realpath($sBasePath); // avoid problems when having '/' on Windows for example
if (!self::StartsWith($sFileRealPath, $sRealBasePath))
{
return false;
}
return $sFileRealPath;
}
} }

13
datamodels/2.x/itop-backup/ajax.backup.php
View File

@@ -141,11 +141,14 @@ JS
} }
$sToken = utils::ReadParam('token', '', false, 'raw_data'); $sToken = utils::ReadParam('token', '', false, 'raw_data');
$sTokenFile = APPROOT.'/data/restore.'.$sToken.'.tok'; $sBasePath = APPROOT.'/data/';
if (!is_file($sTokenFile)) $sTokenFile = $sBasePath.'restore.'.$sToken.'.tok';
$tokenRealPath = utils::RealPath($sTokenFile, $sBasePath);
if (($tokenRealPath === false) || (!is_file($tokenRealPath)))
{ {
IssueLog::Error("ajax.backup.php operation=$sOperation ERROR = inexisting token $sToken"); IssueLog::Error("ajax.backup.php operation=$sOperation ERROR = inexisting token $sToken");
DisplayErrorAndDie($oPage, "<p>Error: missing token file: '$sTokenFile'</p>"); $sEscapedToken = utils::HtmlEntities($sToken);
DisplayErrorAndDie($oPage, "<p>Error: missing token file: '$sEscapedToken'</p>");
} }
$sEnvironment = utils::ReadParam('environment', 'production', false, 'raw_data'); $sEnvironment = utils::ReadParam('environment', 'production', false, 'raw_data');
@@ -158,8 +161,8 @@ JS
set_time_limit(0); set_time_limit(0);
// Get the file and destroy the token (single usage) // Get the file and destroy the token (single usage)
$sFile = file_get_contents($sTokenFile); $sFile = file_get_contents($tokenRealPath);
unlink($sTokenFile); unlink($tokenRealPath);
// Loading config file : we don't have the MetaModel but we have the current env ! // Loading config file : we don't have the MetaModel but we have the current env !
$sConfigFilePath = utils::GetConfigFilePath($sEnvironment); $sConfigFilePath = utils::GetConfigFilePath($sEnvironment);