[Mapbender-commits] r7108 - trunk/mapbender/core
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Nov 11 05:00:26 EST 2010
Author: apour
Date: 2010-11-11 02:00:26 -0800 (Thu, 11 Nov 2010)
New Revision: 7108
Modified:
trunk/mapbender/core/system.php
Log:
Added the security_patch_log and secure functions.
Modified: trunk/mapbender/core/system.php
===================================================================
--- trunk/mapbender/core/system.php 2010-11-11 09:59:17 UTC (rev 7107)
+++ trunk/mapbender/core/system.php 2010-11-11 10:00:26 UTC (rev 7108)
@@ -69,3 +69,41 @@
"mb_md_editMetadataByService,mb_md_editMetadataByApplication,md_editor_xml_import," .
"muenster_setExtRequest,muenster_toolbar,csvUpload"
);
+
+
+/*
+ * Function to check a path for security.
+ */
+
+define("MB_BASEDIR",realpath(basedir(__FILE__)."/../http/"));
+
+function secure($path,$folder = "",$fileExt = null) {
+ $secure = true;
+
+ if(defined("MB_BASEDIR")) {
+ // PATH START
+ if(realpath(substr(realpath($path),0,strlen(MB_BASEDIR.$folder))) != realpath(MB_BASEDIR.$folder))
+ $secure = false;
+ // PATH END
+ if(!empty($fileExt) AND substr(realpath($path),-strlen($fileExt)) != $fileExt)
+ $secure = false;
+ } else $secure = false;
+
+ if($secure)
+ return $path;
+ else
+ Throw new Exception("This path is not allowed!");
+}
+
+/*
+ * @security_patch Helper
+ */
+function security_patch_log($file,$line) {
+ $h = fopen("../log/security_patch.log","a+");
+ if($h) {
+ fwrite($h,date("Y.m.d H:i")." FILE : ".$file." | LINE : ".$line." | POST : ".implode(",",array_keys($_POST))." | GET : ".implode(",",array_keys($_GET))." | FILE : ".implode(",",array_keys($_FILE))." |\n");
+ fclose($h);
+ }
+}
+
+?>
\ No newline at end of file
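Review bot: The containment test in `secure()` is a bare string-prefix comparison with loose `!=`, so a resolved path in a sibling directory whose name merely begins with the base directory's name is accepted, and a `$path` that does not exist makes `realpath()` return false, after which the check compares the base against whatever `realpath()` yields for an empty value instead of rejecting outright. The comparison should be made once on the resolved path, against the resolved base with a trailing directory separator, using strict operators and failing closed when either `realpath()` call returns false; a sketch follows. Separately, `basedir()` in the `define("MB_BASEDIR", …)` line is not a PHP built-in (presumably `dirname(__FILE__)` was meant, unless the project defines it elsewhere), and `security_patch_log()` reads `$_FILE`, which is not a superglobal; `$_FILES` is. The request keys written to the log are client-controlled, so stripping CR/LF from them before `fwrite()` would keep a single request from forging extra log lines.

```php
function secure($path,$folder = "",$fileExt = null) {
	if(!defined("MB_BASEDIR"))
		throw new Exception("This path is not allowed!");

	$base = realpath(MB_BASEDIR.$folder);
	$real = realpath($path);
	// realpath() returns false for a missing path: fail closed
	if($base === false || $real === false)
		throw new Exception("This path is not allowed!");

	// compare against the base plus a separator so "<base>_other" does not match
	$base = rtrim($base,DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
	if(strncmp($real.DIRECTORY_SEPARATOR,$base,strlen($base)) !== 0)
		throw new Exception("This path is not allowed!");

	if(!empty($fileExt) && substr($real,-strlen($fileExt)) !== $fileExt)
		throw new Exception("This path is not allowed!");

	return $path;
}
```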