Nemcio/simple-file-manager
1
0
Fork 0
mirror of https://github.com/jcampbell1/simple-file-manager.git synced 2025-02-20 22:00:04 +01:00
Code Issues Packages Projects Releases Activity

Security fix for #73, dont allow downloading of disallowed extensions

Browse Source
This commit is contained in:
John Campbell
2019-10-24 11:24:41 -06:00
parent ae87964f8c
commit cebe7f5194
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
index.php
View File

@@ -49,6 +49,9 @@ if(substr($tmp, 0,strlen($tmp_dir)) !== $tmp_dir)
err(403,"Forbidden"); err(403,"Forbidden");
if(strpos($_REQUEST['file'], DIRECTORY_SEPARATOR) === 0) if(strpos($_REQUEST['file'], DIRECTORY_SEPARATOR) === 0)
err(403,"Forbidden"); err(403,"Forbidden");
if(preg_match('@^.+://@',$_REQUEST['file'])) {
err(403,"Forbidden");
}
if(!$_COOKIE['_sfm_xsrf']) if(!$_COOKIE['_sfm_xsrf'])
@@ -59,8 +62,6 @@ if($_POST) {
} }
$file = $_REQUEST['file'] ?: '.'; $file = $_REQUEST['file'] ?: '.';
// strip url syntax, like file://....
$file = preg_replace('@^.+://@','',$file);
if($_GET['do'] == 'list') { if($_GET['do'] == 'list') {
if (is_dir($file)) { if (is_dir($file)) {
@@ -110,6 +111,10 @@ if($_GET['do'] == 'list') {
$res = move_uploaded_file($_FILES['file_data']['tmp_name'], $file.'/'.$_FILES['file_data']['name']); $res = move_uploaded_file($_FILES['file_data']['tmp_name'], $file.'/'.$_FILES['file_data']['name']);
exit; exit;
} elseif ($_GET['do'] == 'download') { } elseif ($_GET['do'] == 'download') {
foreach($disallowed_extensions as $ext)
if(preg_match(sprintf('/\.%s$/',preg_quote($ext)), $file))
err(403,"Files of this type are not allowed.");
$filename = basename($file); $filename = basename($file);
$finfo = finfo_open(FILEINFO_MIME_TYPE); $finfo = finfo_open(FILEINFO_MIME_TYPE);
header('Content-Type: ' . finfo_file($finfo, $file)); header('Content-Type: ' . finfo_file($finfo, $file));