fix(core): better check to include file from path
stonebuzz authored and cedric-anne committed Jan 25, 2022
1 parent a3fc747 commit 89c6d3d
Showing 2 changed files with 8 additions and 14 deletions.
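--- a/front/commondropdown.form.php
+++ b/front/commondropdown.form.php
@@ -1,11 +1,8 @@
 <?php
 
 include "../../../inc/includes.php";
-$path = PLUGINFIELDS_FRONT_PATH . '/' . $_REQUEST['ddtype'] . '.form.php';
-$realpath = str_replace( "\\", "/", realpath($path));
-$frontpath = str_replace("\\", "/", realpath(PLUGINFIELDS_FRONT_PATH));
-if (strpos($realpath, $frontpath) === 0) {
-include_once $path;
-} else {
-throw new \RuntimeException('Attempt to load unsecure or missing ' . $path .'!');
+if (preg_match('/[a-z]/i', $_REQUEST['ddtype']) !== 1) {
+throw new \RuntimeException(sprintf('Invalid itemtype "%"', $_REQUEST['ddtype']));
 }
+$path = PLUGINFIELDS_FRONT_PATH . '/' . $_REQUEST['ddtype'] . '.form.php';
+require_once $path;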
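Review bot: The pattern on the new `if` line is unanchored, so `preg_match('/[a-z]/i', ...)` accepts any value that contains at least one letter, which is a weaker guard than the realpath-prefix containment check this commit removes; the same applies to front/commondropdown.php. Anchor it to the whole value, e.g. `if (preg_match('/^[a-z]+$/i', $_REQUEST['ddtype'] ?? '') !== 1) {` (widen the character class only if real ddtype values need more than letters), so that `require_once $path` is reached only for a bare itemtype name. The `%` in `sprintf('Invalid itemtype "%"', ...)` is also not a valid conversion specifier, so the message never carries the rejected value and on PHP 8 it would throw a ValueError instead of the intended RuntimeException; it should read `sprintf('Invalid itemtype "%s"', $_REQUEST['ddtype'])`.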
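--- a/front/commondropdown.php
+++ b/front/commondropdown.php
@@ -1,11 +1,8 @@
 <?php
 
 include "../../../inc/includes.php";
-$path = PLUGINFIELDS_FRONT_PATH . '/' . $_REQUEST['ddtype'] . '.php';
-$realpath = str_replace( "\\", "/", realpath($path));
-$frontpath = str_replace("\\", "/", realpath(PLUGINFIELDS_FRONT_PATH));
-if (strpos($realpath, $frontpath) === 0) {
-include_once $path;
-} else {
-throw new \RuntimeException('Attempt to load unsecure or missing ' . $path .'!');
+if (preg_match('/[a-z]/i', $_REQUEST['ddtype']) !== 1) {
+throw new \RuntimeException(sprintf('Invalid itemtype "%"', $_REQUEST['ddtype']));
 }
+$path = PLUGINFIELDS_FRONT_PATH . '/' . $_REQUEST['ddtype'] . '.php';
+require_once $path;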
