* uninstall: do not allow directories outside BASE

* uninstall: do not allow absolute paths
This commit is contained in:
slawkens 2018-01-08 17:19:56 +01:00
parent 736ec61f85
commit f5aae3361f
2 changed files with 49 additions and 8 deletions


@ -10,6 +10,34 @@
*/ */
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
function is_sub_dir($path = NULL, $parent_folder = SITE_PATH) {
//Get directory path minus last folder
$dir = dirname($path);
$folder = substr($path, strlen($dir));
//Check the the base dir is valid
$dir = realpath($dir);
//Only allow valid filename characters
$folder = preg_replace('/[^a-z0-9\.\-_]/i', '', $folder);
//If this is a bad path or a bad end folder name
if( !$dir OR !$folder OR $folder === '.') {
return FALSE;
}
//Rebuild path
$path = $dir. '/' . $folder;
//If this path is higher than the parent folder
if( strcasecmp($path, $parent_folder) > 0 ) {
return $path;
}
return FALSE;
}
class Plugins { class Plugins {
private static $warnings = array(); private static $warnings = array();
private static $error = null; private static $error = null;
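Review bot: `strcasecmp($path, $parent_folder) > 0` in is_sub_dir is a lexicographic comparison, not a containment test, so any rebuilt path that merely sorts after `$parent_folder` (for example a sibling directory whose name shares a prefix with BASE) is accepted, and a final component of `..` survives the `$folder === '.'` test because the regex keeps dots. Only `dirname($path)` goes through realpath, so the returned path can still end in `/..` and designate the directory one level above `$dir`. I would reject `..` alongside `.` — `if( !$dir OR !$folder OR $folder === '.' OR $folder === '..') {` — and replace the comparison with a prefix test against the canonical parent: `$parent = rtrim(realpath($parent_folder), '/') . '/';` followed by `if( strpos($path, $parent) === 0 ) {`. The realpath(dirname()) equality check in the caller catches some of these cases, but a helper named is_sub_dir should enforce containment on its own.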
@ -160,16 +188,32 @@ class Plugins {
else { else {
$success = true; $success = true;
foreach($plugin_info['uninstall'] as $file) { foreach($plugin_info['uninstall'] as $file) {
$file = BASE . $file; if(strpos($file, '/') === 0) {
if(!deleteDirectory($file)) {
$success = false; $success = false;
self::$error = "You cannot use absolute paths (starting with slash - '/'): " . $file;
break;
}
$file = BASE . $file;
if(!is_sub_dir($file, BASE) || realpath(dirname($file)) != dirname($file)) {
$success = false;
self::$error = "You don't have rights to delete: " . $file;
break;
}
}
if($success) {
foreach($plugin_info['uninstall'] as $file) {
if(!deleteDirectory(BASE . $file)) {
self::$warnings[] = 'Cannot delete: ' . $$file;
}
} }
} }
if (isset($plugin_info['hooks'])) { if (isset($plugin_info['hooks'])) {
foreach ($plugin_info['hooks'] as $_name => $info) { foreach ($plugin_info['hooks'] as $_name => $info) {
if (defined('HOOK_'. $info['type'])) { if (defined('HOOK_'. $info['type'])) {
$hook = constant('HOOK_'. $info['type']); //$hook = constant('HOOK_'. $info['type']);
$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';'); $query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
if ($query->rowCount() == 1) { // found something if ($query->rowCount() == 1) { // found something
$query = $query->fetch(); $query = $query->fetch();
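Review bot: `self::$warnings[] = 'Cannot delete: ' . $$file;` is a variable variable, so the warning reads the variable named by the path string (an undefined-variable notice and an empty message) instead of the path itself; it should be `'Cannot delete: ' . $file`. The `strpos($file, '/') === 0` guard only recognises POSIX absolute paths, so if this code can run on Windows a drive-letter or backslash prefix would pass it; the `realpath(dirname($file)) != dirname($file)` comparison is then the check actually doing the work, and a comment such as `// parent dir must already be canonical: rejects '..' segments, symlinked parents and missing directories` would make that intent explicit. Note also that the validation loop and the deletion loop iterate `$plugin_info['uninstall']` separately, which is fine as long as nothing mutates the array between them. The enclosing uninstall method begins before this hunk.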
@ -187,9 +231,6 @@ class Plugins {
return true; return true;
} }
else {
self::$error = error_get_last();
}
} }
} }
} }


@ -22,7 +22,7 @@ if(isset($_REQUEST['uninstall'])){
success('Successfully uninstalled plugin ' . $uninstall); success('Successfully uninstalled plugin ' . $uninstall);
} }
else { else {
error('Error while uninstalling plugin ' . $plugin_name . ': ' . Plugins::getError()); error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
} }
} }
else if(isset($_FILES["plugin"]["name"])) else if(isset($_FILES["plugin"]["name"]))
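Review bot: `$uninstall` is taken from `$_REQUEST['uninstall']` according to the hunk header and is now concatenated into the string handed to `error()`; unless `error()` HTML-escapes its argument, which this hunk does not show, the request value is reflected into the page unescaped. If it does not, escape at the call site: `error('Error while uninstalling plugin ' . htmlspecialchars($uninstall, ENT_QUOTES, 'UTF-8') . ': ' . Plugins::getError());`. The unchanged `success(...)` line above has the same exposure, and `Plugins::getError()` can carry a path taken from the plugin manifest, so it deserves the same treatment.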