From 05853e4c0a73abe6a8ec64f53658184e84b6806a Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Fri, 12 Jan 2024 20:17:07 +0100
Subject: [PATCH] refactoring

---
 lam/templates/config/mainmanage.php | 31 +++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/lam/templates/config/mainmanage.php b/lam/templates/config/mainmanage.php
index 2ae2db4d6..6bc9235bc 100644
--- a/lam/templates/config/mainmanage.php
+++ b/lam/templates/config/mainmanage.php
@@ -256,11 +256,34 @@
 			$errors[] = _("Please enter a valid remote server in format \"server:port\".");
 		}
 	} else {
-		if (isset($_POST['logFile']) && ($_POST['logFile'] != "") && preg_match("/^[a-z0-9\\/\\\\:\\._-]+$/i", $_POST['logFile'])) {
-			$cfg->logDestination = $_POST['logFile'];
-		} else {
-			$errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, \\, ., :, _ and -.");
+		$isValidLogFile = true;
+		if (!isset($_POST['logFile'])
+			|| empty($_POST['logFile'])
+			|| !preg_match("/^[a-z0-9\\/._-]+$/i", $_POST['logFile'])
+			|| !(str_ends_with($_POST['logFile'], '.log') || str_ends_with($_POST['logFile'], '.txt'))
+			|| str_contains($_POST['logFile'], '..')
+			|| str_starts_with($_POST['logFile'], './')
+		) {
+			$isValidLogFile = false;
 		}
+		$blockedPrefixes = ['/usr', '/etc', '/dev', '/boot', '/lib', '/proc', '/root', '/run', '/sys', '/snap'];
+		if (!empty($_SERVER['DOCUMENT_ROOT'])) {
+			$blockedPrefixes[] = $_SERVER['DOCUMENT_ROOT'];
+		}
+		foreach ($blockedPrefixes as $blockedPrefix) {
+			if (!$isValidLogFile) {
+				break;
+			}
+			if (str_starts_with($_POST['logFile'], $blockedPrefix)) {
+				$isValidLogFile = false;
+			}
+		}
+		if ($isValidLogFile) {
+			$cfg->logDestination = $_POST['logFile'];
+		}
+		else {
+			$errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, ., _ and -. The file must end with '.log' or '.txt'.");
+		}
 	}
 	// password policies
 	$cfg->passwordMinLength = $_POST['passwordMinLength'];
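Review bot: The `$blockedPrefixes` loop compares the raw submitted string with `str_starts_with`, so it is a lexical denylist that only matches the canonical spelling of each directory; a value that is not in canonical form (repeated slashes, a symlink pointing into one of the listed trees, or a relative path resolved against the server's working directory) passes the loop even though the file ends up in a location the list was meant to exclude. Resolving the target directory first, for example `$logDir = realpath(dirname($_POST['logFile']));` with `$logDir === false` treated as invalid, and running the prefix comparison against the resolved path — or, more robustly, an allow-list of directories the application is permitted to write to — makes the check independent of how the path is spelled. The `!isset($_POST['logFile']) || empty($_POST['logFile'])` pair is redundant, since `empty()` already returns true for an unset key. The enclosing `else` block begins outside the hunk.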