author | Georg Ehrke <dev@georgswebsite.de> | 2012-04-26 17:55:00 +0200 |
committer | Georg Ehrke <dev@georgswebsite.de> | 2012-04-26 17:55:00 +0200 |
commit | 40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9 (patch) | |
tree | af8aeba6f15770a2d07e9489dfc9490572b0d2e6 /lib/helper.php | |
parent | 0249a72caba9f1a4eeaf51f382a74fe61b66c284 (diff) | |
download | nextcloud-server-40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9.tar.gz nextcloud-server-40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9.zip |
fix security check for the path of the requested file
Diffstat (limited to 'lib/helper.php')
-rwxr-xr-x | lib/helper.php | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/helper.php b/lib/helper.php
index a89aa4d37fc..1d9862bf8b1 100755
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -560,6 +560,23 @@ class OC_Helper {
 * @return bool
 */
 public static function issubdirectory($sub, $parent){
- return (substr(realpath($sub), 0, strlen(realpath($parent))) == realpath($parent))?true:false;
+ if($sub == null || $sub == '' || $parent == null || $parent == ''){
+ return false;
+ }
+ $realpath_sub = realpath($sub);
+ $realpath_parent = realpath($parent);
+ if(($realpath_sub == false && substr_count($realpath_sub, './') != 0) || ($realpath_parent == false && substr_count($realpath_parent, './') != 0)){ //it checks for both ./ and ../
+ return false;
+ }
+ if($realpath_sub && $realpath_sub != '' && $realpath_parent && $realpath_parent != ''){
+ if(substr($sub, 0, strlen($parent)) == $parent){
+ return true;
+ }
+ }else{
+ if(substr($realpath_sub, 0, strlen($realpath_parent)) == $realpath_parent){
+ return true;
+ }
+ }
+ return false;
 }
 }
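Review bot: The `else` branch returns true whenever realpath() fails for `$parent`, because `strlen(false)` is 0 and `substr($realpath_sub, 0, 0) == false` holds under loose comparison, so a nonexistent parent path passes the check; the preceding `substr_count($realpath_sub, './')` guard cannot catch this, since it counts on the already-false realpath result instead of on `$sub`/`$parent` and therefore never fires. In the branch where both paths resolve, the comparison is made on the raw `$sub`/`$parent` strings, which defeats the realpath() call: a `$sub` such as `$parent . '/../x'`, or a symlink inside `$parent` that resolves elsewhere, still carries `$parent` as a textual prefix. The prefix test also has no separator boundary, so `/data/user2` is treated as inside `/data/user`. I would return false when either realpath() fails, compare the canonical paths with `===`, and anchor the prefix on `DIRECTORY_SEPARATOR`, as below; the function is fully contained in the hunk, so the rewrite replaces its whole body.

```php
	public static function issubdirectory($sub, $parent){
		if($sub == null || $sub == '' || $parent == null || $parent == ''){
			return false;
		}
		$realpath_sub = realpath($sub);
		$realpath_parent = realpath($parent);
		// Refuse anything that cannot be canonicalised: a false here would
		// otherwise compare equal to the empty prefix in the check below.
		if($realpath_sub === false || $realpath_parent === false){
			return false;
		}
		// Compare the canonical paths, not the raw arguments, so "$parent/../x"
		// and symlinks leading out of $parent are rejected; anchor on a separator
		// so "/data/user2" is not treated as inside "/data/user".
		$realpath_parent = rtrim($realpath_parent, DIRECTORY_SEPARATOR);
		return $realpath_sub === $realpath_parent
			|| strpos($realpath_sub, $realpath_parent . DIRECTORY_SEPARATOR) === 0;
	}
```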