mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-29 09:10:09 +02:00
Code Issues Releases Wiki Activity

Fix several bugs and security issues in AdminerFileUpload plugin

Browse Source
This commit is contained in:
Peter Knut
2024-08-16 13:13:28 +02:00
parent 5fe25fca67
commit 13258de188
2 changed files with 46 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
changes.txt
View File

@@ -8,6 +8,7 @@ Adminer 4.9.0-dev:
- Set saving to file as a default export option.
- Improve URL and email detection.
- Fix AdminerVersionNoverify plugin blocking other plugins to modify HTML head.
- Fix several bugs and security issues in AdminerFileUpload plugin.
- Update composer.json.
Adminer 4.8.2 (released 2024-03-16):

59
plugins/file-upload.php
View File

@@ -1,5 +1,4 @@
<?php
//! delete
/** Edit fields ending with "_path" by <input type="file"> and link to the uploaded files from select
* @link https://www.adminer.org/plugins/#use
@@ -12,9 +11,9 @@ class AdminerFileUpload {
var $uploadPath, $displayPath, $extensions;
/**
* @param string prefix for uploading data (create writable subdirectory for each table containing uploadable fields)
* @param string prefix for displaying data, null stands for $uploadPath
* @param string regular expression with allowed file extensions
* @param string $uploadPath prefix for uploading data (create writable subdirectory for each table containing uploadable fields)
* @param string|null $displayPath prefix for displaying data, null stands for $uploadPath
* @param string $extensions regular expression with allowed file extensions
*/
function __construct($uploadPath = "../static/data/", $displayPath = null, $extensions = "[a-zA-Z0-9]+") {
$this->uploadPath = $uploadPath;
@@ -30,24 +29,56 @@ class AdminerFileUpload {
function processInput($field, $value, $function = "") {
if (preg_match('~(.*)_path$~', $field["field"], $regs)) {
$table = ($_GET["edit"] != "" ? $_GET["edit"] : $_GET["select"]);
$name = "fields-$field[field]";
if ($_FILES[$name]["error"] || !preg_match("~(\\.($this->extensions))?\$~", $_FILES[$name]["name"], $regs2)) {
$tableName = ($_GET["edit"] != "" ? $_GET["edit"] : $_GET["select"]);
$fieldName = $field["field"];
$files = $_FILES["fields"];
// Check upload error and file extension.
if ($files["error"][$fieldName] || !preg_match('~\.(' . $this->extensions . ')$~', $files["name"][$fieldName], $regs2)) {
return false;
}
//! unlink old
$filename = uniqid() . $regs2[0];
if (!move_uploaded_file($_FILES[$name]["tmp_name"], "$this->uploadPath$table/$regs[1]-$filename")) {
// Generate random unique file name.
do {
$filename = $this->generateName() . $regs2[0];
$targetPath = $this->uploadPath . $this->fsEncode($tableName) . "/" . $this->fsEncode($regs[1]) . "-$filename";
} while (file_exists($targetPath));
// Move file to final destination.
if (!move_uploaded_file($files["tmp_name"][$fieldName], $targetPath)) {
return false;
}
return q($filename);
}
}
function selectVal($val, &$link, $field, $original) {
if ($val != "" && preg_match('~(.*)_path$~', $field["field"], $regs)) {
$link = "$this->displayPath$_GET[select]/$regs[1]-$val";
}
private function fsEncode($value) {
// Encode special filesystem characters.
return strtr($value, [
'.' => '%2E',
'/' => '%2F',
'\\' => '%5C',
]);
}
private function generateName()
{
$rand = function_exists("random_int") ? "random_int" : "rand";
$result = '';
for ($i = 0; $i < 16; $i++) {
$code = $rand(97, 132); // random ASCII code for a-z and shifted 0-9
$result .= chr($code > 122 ? $code - 122 + 47 : $code);
}
return $result;
}
function selectVal($val, &$link, $field, $original) {
if ($val != "" && preg_match('~(.*)_path$~', $field["field"], $regs)) {
$link = $this->displayPath . "$_GET[select]/$regs[1]-$val";
}
}
}