refactoring
gruberroland committed Jan 12, 2024
1 parent 57d0fc6 commit 05853e4
Showing 1 changed file with 27 additions and 4 deletions.
31 changes: 27 additions & 4 deletions lam/templates/config/mainmanage.php
@@ -256,11 +256,34 @@
$errors[] = _("Please enter a valid remote server in format \"server:port\".");
}
} else {
if (isset($_POST['logFile']) && ($_POST['logFile'] != "") && preg_match("/^[a-z0-9\\/\\\\:\\._-]+$/i", $_POST['logFile'])) {
$cfg->logDestination = $_POST['logFile'];
} else {
$errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, \\, ., :, _ and -.");
$isValidLogFile = true;
if (!isset($_POST['logFile'])
|| empty($_POST['logFile'])
|| !preg_match("/^[a-z0-9\\/._-]+$/i", $_POST['logFile'])
|| !(str_ends_with($_POST['logFile'], '.log') || str_ends_with($_POST['logFile'], '.txt'))
|| str_contains($_POST['logFile'], '..')
|| str_starts_with($_POST['logFile'], './')
) {
$isValidLogFile = false;
}
$blockedPrefixes = ['/usr', '/etc', '/dev', '/boot', '/lib', '/proc', '/root', '/run', '/sys', '/snap'];
if (!empty($_SERVER['DOCUMENT_ROOT'])) {
$blockedPrefixes[] = $_SERVER['DOCUMENT_ROOT'];
}
foreach ($blockedPrefixes as $blockedPrefix) {
if (!$isValidLogFile) {
break;
}
if (str_starts_with($_POST['logFile'], $blockedPrefix)) {
$isValidLogFile = false;
}
}
if ($isValidLogFile) {
$cfg->logDestination = $_POST['logFile'];
}
else {
$errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, ., _ and -. The file must end with '.log' or '.txt'.");
}
}
// password policies
$cfg->passwordMinLength = $_POST['passwordMinLength'];
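Review bot: The blocked-prefix loop compares the raw `$_POST['logFile']` string with `str_starts_with`, so a path that reaches a blocked directory through a non-canonical spelling (a doubled slash or a `/./` segment, both of which the regex permits) is not matched, and neither is a symlinked directory. Rejecting those spellings in the first condition would close the string-level gap, e.g. `|| str_contains($_POST['logFile'], '//')` and `|| str_contains($_POST['logFile'], '/./')`, and comparing against `realpath(dirname(...))` would cover symlinks where the directory already exists. A denylist also leaves every other writable location open (and the document root entry is skipped when `DOCUMENT_ROOT` is empty), so an allowlist of permitted log directories would be the sturdier check. The enclosing `else` branch starts above this hunk, so how relative paths are resolved is not visible here.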