[Mapbender-commits] r7113 - in trunk/mapbender: core
http/javascripts
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Thu Nov 11 06:07:43 EST 2010
Author: kmq
Date: 2010-11-11 03:07:43 -0800 (Thu, 11 Nov 2010)
New Revision: 7113
Modified:
trunk/mapbender/core/system.php
trunk/mapbender/http/javascripts/map.php
Log:
Modified: trunk/mapbender/core/system.php
===================================================================
--- trunk/mapbender/core/system.php 2010-11-11 10:32:06 UTC (rev 7112)
+++ trunk/mapbender/core/system.php 2010-11-11 11:07:43 UTC (rev 7113)
@@ -75,24 +75,28 @@
* Function to check a path for security.
*/
-define("MB_BASEDIR",realpath(basename(__FILE__)."/../http/"));
+define("MB_BASEDIR",realpath(dirname(__FILE__)."/../"));
+
function secure($path,$folder = "",$fileExt = null) {
$secure = true;
+ if(!defined("MB_BASEDIR")){ throw new Exception("MB_BASEDIR must be defined in core/system.php"); }
- if(defined("MB_BASEDIR")) {
- // PATH START
- if(realpath(substr(realpath($path),0,strlen(realpath(MB_BASEDIR.$folder)))) != realpath(MB_BASEDIR.$folder))
- $secure = false;
+ $basedir = realpath(MB_BASEDIR."/".$folder);
+ $path = realpath($path);
+ // $path must be within the basedir (and optionally within the subdirectory within basedir given by the $folder parameter
+ if(substr($path,0,strlen($basedir)) != $basedir){$secure = false;}
+
// PATH END
- if(!empty($fileExt) AND substr(realpath($path),-strlen($fileExt)) != $fileExt)
+ if(!empty($fileExt) AND substr($path,-strlen($fileExt)) != $fileExt){
$secure = false;
- } else $secure = false;
+ }
- if($secure)
- return $path;
- else
- Throw new Exception("This path is not allowed!");
+ if($secure){
+ return $path;
+ } else {
+ throw new Exception("This path is not allowed! '$path'");
+ }
}
/*
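Review bot: The containment test `if(substr($path,0,strlen($basedir)) != $basedir){$secure = false;}` accepts any existing path when `$basedir` is false: `realpath()` returns false for a `$folder` that does not exist, `strlen(false)` is 0, and the loose comparison `'' != false` evaluates to false, so `$secure` stays true. It is also a bare prefix match, so a sibling directory whose name merely starts with the base directory's name (constructed example: `lib-old` beside `lib`) is accepted as inside `lib`. Both cases are closed by rejecting a false result from either `realpath()` call and by requiring the path to be `$basedir` itself or to continue with a directory separator, as below; the fileExt comparison on the following line should likewise use `!==`. The resolved absolute path is now interpolated into the exception message on `throw new Exception("This path is not allowed! '$path'")`, which reveals server directory layout if that message ever reaches a client, so it is better logged server-side than thrown.
```php
    $basedir = realpath(MB_BASEDIR."/".$folder);
    $path = realpath($path);
    // realpath() yields false for a missing path; false must never satisfy the prefix test
    if($basedir === false || $path === false){ $secure = false; }
    // $path must be $basedir itself or lie below it; the trailing separator stops a sibling
    // directory whose name merely starts with $basedir from passing the prefix test
    elseif($path !== $basedir && substr($path, 0, strlen($basedir) + 1) !== $basedir.DIRECTORY_SEPARATOR){ $secure = false; }
    // … unchanged: file-extension check and return/throw …
```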
@@ -106,4 +110,4 @@
}
}
-?>
\ No newline at end of file
+?>
Modified: trunk/mapbender/http/javascripts/map.php
===================================================================
--- trunk/mapbender/http/javascripts/map.php 2010-11-11 10:32:06 UTC (rev 7112)
+++ trunk/mapbender/http/javascripts/map.php 2010-11-11 11:07:43 UTC (rev 7113)
@@ -72,7 +72,7 @@
/*
* @security_patch finc done
*/
- require_once(secure($currentFile,"/../extensions/",".js"));
+ require_once(secure($currentFile,"/http/extensions/"));
echo "\n\n\n\n";
}
else {
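Review bot: The `.js` suffix argument is dropped from this `secure()` call (and likewise at the `/../../lib/` hunk and the two `secure($currentFile,"")` hunks further down), and the empty log gives no reason, so the file-extension check the previous revision applied to these includes no longer exists; `secure()` now verifies only that the resolved path lies under the folder. If the intent is that `$currentFile` may be any file in that directory, the `@security_patch` comment above should say so, e.g. `* extension deliberately unchecked: any file under http/extensions may be included`; otherwise restore the third argument, `require_once(secure($currentFile,"/http/extensions/",".js"));`. The enclosing branch continues outside the hunk.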
@@ -108,7 +108,7 @@
* @security_patch finc done
*
*/
- require_once(secure($currentFile,"/../../lib/",".js"));
+ require_once(secure($currentFile,"/../../lib/"));
echo "\n\n\n\n";
}
else {
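Review bot: The folder argument `"/../../lib/"` is left relative to the old base, whereas the first hunk in this file rewrote `"/../extensions/"` to `"/http/extensions/"` to follow the new `MB_BASEDIR` (now `realpath(dirname(__FILE__)."/../")`, the directory above core/). Resolved against that base, `/../../lib/` presumably points two levels above the Mapbender installation, so the include either resolves to a directory outside the tree or `realpath()` returns false there; if the intended directory is the `lib` folder inside the installation, the call should read `require_once(secure($currentFile,"/lib/"));`. The enclosing branch continues outside the hunk.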
@@ -144,7 +144,7 @@
* @security_patch finc done
* we dont check the file extension
*/
- require_once(secure($currentFile,$path));
+ require_once(secure($currentFile));
echo "\n";
$fileFound = true;
break;
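Review bot: Dropping the `$path` argument at `require_once(secure($currentFile));` widens what `secure()` accepts from the directory held in `$path` to every file under `MB_BASEDIR`, i.e. the whole installation, since the new `secure()` resolves an empty `$folder` to the base itself. As the comment above says the extension is deliberately unchecked for this include, the directory restriction was the only remaining constraint on `$currentFile`; if `$path` is one of a fixed set of candidate directories, keep passing it, adjusted to the new base, `require_once(secure($currentFile,$path));`. The surrounding loop starts outside the hunk.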
@@ -253,7 +253,7 @@
* @security_patch finc done
* folder?
*/
- require(secure($currentFile,"",".js"));
+ require(secure($currentFile,""));
}
echo "\n\t});\n};\n\n";
@@ -279,7 +279,7 @@
* @security_patch finc done
* folder?
*/
- require(secure($currentFile,"",".js"));
+ require(secure($currentFile,""));
}
}
}