ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Introduce detaintPathAllowAbsolute. Use it to protect against Path Traversal in files view. Fixes GHSA-8fw2-wh82-vv4h

pull/4159/head
Isaac Connor 2024-09-30 06:42:10 -04:00
parent 7aabf146ba
commit 3b379e99c0
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
web/includes/functions.php
View File

@ -1884,6 +1884,16 @@ function generateConnKey() {
return rand(1, 999999); return rand(1, 999999);
} }
function detaintPathAllowAbsolute($path) {
// Strip out :// because php:// is a way to inject code apparently
$path = str_replace('://', '', $path);
// Remove any absolute paths, or relative ones that want to go up
do {
$path = str_replace('../', '', $path, $count);
} while($count);
return $path;
}
function detaintPath($path) { function detaintPath($path) {
// Strip out :// because php:// is a way to inject code apparently // Strip out :// because php:// is a way to inject code apparently

2
web/skins/classic/views/files.php
View File

@ -23,7 +23,7 @@ if (!canView('Events')) {
return; return;
} }
$path = (!empty($_REQUEST['path'])) ? $_REQUEST['path'] : ZM_DIR_EVENTS; $path = (!empty($_REQUEST['path'])) ? detaintPathAllowAbsolute($_REQUEST['path']) : ZM_DIR_EVENTS;
$is_ok_path = false; $is_ok_path = false;
foreach (ZM\Storage::find() as $storage) { foreach (ZM\Storage::find() as $storage) {
$rc = strstr($path, $storage->Path(), true); $rc = strstr($path, $storage->Path(), true);