[ticket/13568] Validate imagick path as readable absolute path

PHPBB3-13568
2025-02-25 12:33:29 +01:00 · 2015-02-02 15:02:41 +01:00 · 2015-02-02 15:02:41 +01:00 · 19421fcdef
commit 19421fcdef
parent 7273591560
2 changed files with 37 additions and 1 deletions
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@ -562,6 +562,42 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				}

 			break;
+
+			// Absolute file path
+			case 'wapath':
+			case 'apath':
+				if (!$cfg_array[$config_name])
+				{
+					break;
+				}
+
+				$cfg_array[$config_name] = trim($cfg_array[$config_name]);
+
+				// Make sure no NUL byte is present...
+				if (strpos($cfg_array[$config_name], "\0") !== false || strpos($cfg_array[$config_name], '%00') !== false)
+				{
+					$cfg_array[$config_name] = '';
+					break;
+				}
+
+				if (!file_exists($cfg_array[$config_name]))
+				{
+					$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
+				}
+				else if (!is_dir($cfg_array[$config_name]))
+				{
+					$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
+				}
+
+				// Check if the path is writable
+				if ($config_definition['validate'] === 'wapath')
+				{
+					if (file_exists($cfg_array[$config_name]) && !phpbb_is_writable($cfg_array[$config_name]))
+					{
+						$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
+					}
+				}
+			break;
 		}
 	}

--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@ -127,7 +127,7 @@ class acp_attachments
 						'img_create_thumbnail'		=> array('lang' => 'CREATE_THUMBNAIL',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'path',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
+						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'apath',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)