Lanmikeman/chandler
1
1
Fork 0
mirror of https://github.com/openvk/chandler.git synced 2025-04-01 14:03:59 +03:00
Code Issues Projects Releases Packages Wiki Activity

[IMPORTANT SECURITY] Fix critical directory traversal vulnerability in routing component

Browse source
This commit is contained in:
Jill Stingray 2020-06-14 18:35:49 +03:00
parent f73c48dd50
commit 3e0637e447
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
chandler/MVC/Routing/Router.php
View file

@ -171,7 +171,7 @@ class Router
if($_SERVER["HTTP_IF_NONE_MATCH"] === $hash) if($_SERVER["HTTP_IF_NONE_MATCH"] === $hash)
exit(header("HTTP/1.1 304")); exit(header("HTTP/1.1 304"));
header("Content-Type: " . system_extension_mime_type($file)); header("Content-Type: " . system_extension_mime_type($file) ?? "text/plain; charset=unknown-8bit");
header("Content-Size: " . filesize($file)); header("Content-Size: " . filesize($file));
header("ETag: $hash"); header("ETag: $hash");
@ -252,7 +252,8 @@ class Router
function execute(string $url, ?string $parentModule = null): ?string function execute(string $url, ?string $parentModule = null): ?string
{ {
$this->url = parse_url($url, PHP_URL_PATH); $this->url = chandler_escape_url(parse_url($url, PHP_URL_PATH));
if(!is_null($parentModule)) { if(!is_null($parentModule)) {
$GLOBALS["parentModule"] = $parentModule; $GLOBALS["parentModule"] = $parentModule;
$this->scope["parentModule"] = $GLOBALS["parentModule"]; $this->scope["parentModule"] = $GLOBALS["parentModule"];

6
chandler/procedural/escape_url.php Normal file
View file

@ -0,0 +1,6 @@
<?php declare(strict_types=1);
function chandler_escape_url(string $url): string
{
return preg_replace("%\.\.\/|\/\.\.%", "", $url);
}