mirror/minify
1
0
Fork 0
mirror of https://github.com/mrclay/minify.git synced 2025-08-12 09:05:08 +02:00
Code Issues Releases Wiki Activity

Strip null bytes from GET vars

Browse Source
This commit is contained in:
Steve Clay
2013-07-23 15:52:31 -04:00
parent 07e032a3f0
commit 9f46484c1a
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
min/lib/Minify/Controller/MinApp.php
View File

@@ -20,6 +20,13 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
* @return array Minify options * @return array Minify options
*/ */
public function setupSources($options) { public function setupSources($options) {
// PHP insecure by default: realpath() and other FS functions can't handle null bytes.
foreach (array('g', 'b', 'f') as $key) {
if (isset($_GET[$key])) {
$_GET[$key] = str_replace("\x00", '', (string)$_GET[$key]);
}
}
// filter controller options // filter controller options
$cOptions = array_merge( $cOptions = array_merge(
array( array(
@@ -34,12 +41,7 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
$sources = array(); $sources = array();
$this->selectionId = ''; $this->selectionId = '';
$firstMissingResource = null; $firstMissingResource = null;
if (isset($_GET['g'])) { if (isset($_GET['g'])) {
if (! is_string($_GET['g'])) {
$this->log("GET param 'g' was invalid");
return $options;
}
// add group(s) // add group(s)
$this->selectionId .= 'g=' . $_GET['g']; $this->selectionId .= 'g=' . $_GET['g'];
$keys = explode(',', $_GET['g']); $keys = explode(',', $_GET['g']);
@@ -94,10 +96,6 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
} }
} }
if (! $cOptions['groupsOnly'] && isset($_GET['f'])) { if (! $cOptions['groupsOnly'] && isset($_GET['f'])) {
if (! is_string($_GET['f'])) {
$this->log("GET param 'f' was invalid");
return $options;
}
// try user files // try user files
// The following restrictions are to limit the URLs that minify will // The following restrictions are to limit the URLs that minify will
// respond to. // respond to.
@@ -126,8 +124,7 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
} }
if (isset($_GET['b'])) { if (isset($_GET['b'])) {
// check for validity // check for validity
if (is_string($_GET['b']) if (preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
&& preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
&& false === strpos($_GET['b'], '..') && false === strpos($_GET['b'], '..')
&& $_GET['b'] !== '.') { && $_GET['b'] !== '.') {
// valid base // valid base

9
min/lib/Minify/Controller/Version1.php
View File

@@ -24,6 +24,11 @@ class Minify_Controller_Version1 extends Minify_Controller_Base {
* *
*/ */
public function setupSources($options) { public function setupSources($options) {
// PHP insecure by default: realpath() and other FS functions can't handle null bytes.
if (isset($_GET['files'])) {
$_GET['files'] = str_replace("\x00", '', (string)$_GET['files']);
}
self::_setupDefines(); self::_setupDefines();
if (MINIFY_USE_CACHE) { if (MINIFY_USE_CACHE) {
$cacheDir = defined('MINIFY_CACHE_DIR') $cacheDir = defined('MINIFY_CACHE_DIR')
@@ -49,8 +54,7 @@ class Minify_Controller_Version1 extends Minify_Controller_Base {
) { ) {
return $options; return $options;
} }
$extension = $m[1];
$files = explode(',', $_GET['files']); $files = explode(',', $_GET['files']);
if (count($files) > MINIFY_MAX_FILES) { if (count($files) > MINIFY_MAX_FILES) {
return $options; return $options;
@@ -61,7 +65,6 @@ class Minify_Controller_Version1 extends Minify_Controller_Base {
. DIRECTORY_SEPARATOR; . DIRECTORY_SEPARATOR;
$prependAbsPaths = $_SERVER['DOCUMENT_ROOT']; $prependAbsPaths = $_SERVER['DOCUMENT_ROOT'];
$sources = array();
$goodFiles = array(); $goodFiles = array();
$hasBadSource = false; $hasBadSource = false;