mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-07 01:06:48 +02:00
Code Issues Releases Wiki Activity

[ticket/13568] Validate imagick path as readable absolute path

Browse Source 
PHPBB3-13568
This commit is contained in:
Marc Alexander
2015-02-02 15:02:41 +01:00
parent 7273591560
commit 19421fcdef
2 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
phpBB/adm/index.php
View File

@@ -562,6 +562,42 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
}
break;
// Absolute file path
case 'wapath':
case 'apath':
if (!$cfg_array[$config_name])
{
break;
}
$cfg_array[$config_name] = trim($cfg_array[$config_name]);
// Make sure no NUL byte is present...
if (strpos($cfg_array[$config_name], "\0") !== false || strpos($cfg_array[$config_name], '%00') !== false)
{
$cfg_array[$config_name] = '';
break;
}
if (!file_exists($cfg_array[$config_name]))
{
$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
}
else if (!is_dir($cfg_array[$config_name]))
{
$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
}
// Check if the path is writable
if ($config_definition['validate'] === 'wapath')
{
if (file_exists($cfg_array[$config_name]) && !phpbb_is_writable($cfg_array[$config_name]))
{
$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
}
}
break;
}
}