FIX Allow double dots in path when not attempting directory traversal (#11219)

Guy Sartorelli 2024-05-06 13:15:26 +12:00 committed by GitHub
parent 44f77ecdac
commit a92baeaf6f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 1 deletions


@ -34,7 +34,7 @@ class Path
$fullPath = static::normalise(implode(DIRECTORY_SEPARATOR, $parts));
// Protect against directory traversal vulnerability (OTG-AUTHZ-001)
if (strpos($fullPath ?? '', '..') !== false) {
if ($fullPath === '..' || str_ends_with($fullPath, '/..') || str_contains($fullPath, '../')) {
throw new InvalidArgumentException('Can not collapse relative folders');
}
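Review bot: The replacement condition hard-codes `/` as the separator, while the line above joins the parts with `DIRECTORY_SEPARATOR`; if `normalise()` returns the platform separator (the test file's "Rewrite tests for other filesystems" comment suggests it does), a `..\` segment would no longer be rejected where the old `strpos` check caught it. The condition also still rejects a harmless segment that merely ends in two dots, such as `my../file`, because `str_contains($fullPath, '../')` matches it. Comparing whole segments covers both cases: `if (in_array('..', preg_split('#[\\\\/]#', $fullPath), true)) {`. The added test rows only pin `my..name`; a row for a trailing-dots segment and one for a backslash-separated `..` would lock the behaviour in. The enclosing method starts and ends outside this hunk, so this is based on the visible lines only.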


@ -48,6 +48,8 @@ class PathTest extends SapphireTest
[['\\', '', '/root', '/', ' ', '/', '\\'], '/root'],
// join blocks of paths
[['/root/dir', 'another/path\\to/join'], '/root/dir/another/path/to/join'],
// Double dot is fine if it's not attempting directory traversal
[['/root/my..name/', 'another/path\\to/join'], '/root/my..name/another/path/to/join'],
];
// Rewrite tests for other filesystems (output arg only)
@ -79,6 +81,8 @@ class PathTest extends SapphireTest
[['/base', '../passwd'], 'Can not collapse relative folders'],
[['/base/../', 'passwd/path'], 'Can not collapse relative folders'],
[['../', 'passwd/path'], 'Can not collapse relative folders'],
[['..', 'passwd/path'], 'Can not collapse relative folders'],
[['base/..', 'passwd/path'], 'Can not collapse relative folders'],
];
}