correctly validate if a symlink is within the customers home-director…
…y if it's not an absolute path; fixes #1242

Signed-off-by: Michael Kaufmann <[email protected]>
d00p committed Mar 8, 2024
1 parent bcf588a commit ce50927
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lib/Froxlor/FileDir.php
Expand Up @@ -140,6 +140,12 @@ public static function makeCorrectDir(string $dir, string $fixed_homedir = ""):
if (is_link($check_dir)) {
$original_target = $check_dir;
$check_dir = readlink($check_dir);
$link_dir = dirname($original_target);
// check whether the link is relative or absolute
if (substr($check_dir, 0, 1) != '/') {
// relative directory, prepend link_dir
$check_dir = $link_dir . '/' . $check_dir;
}
if (substr($check_dir, 0, strlen($fixed_homedir)) != $fixed_homedir) {
throw new Exception("Found symlink pointing outside of customer home directory: " . substr($original_target, strlen($fixed_homedir)));
}
Expand Down Expand Up @@ -287,7 +293,7 @@ public static function getUnknownDomainTemplate(string $servername = "")
$tpl_content = lng('admin.templates.unconfigured_content_fallback');
}
}
$redirect_file = FileDir::makeCorrectFile(Froxlor::getInstallDir().'/notice.'.$tpl_ext);
$redirect_file = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/notice.' . $tpl_ext);
file_put_contents($redirect_file, $tpl_content);
return basename($redirect_file);
}
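Review bot: The relative target joined at `$check_dir = $link_dir . '/' . $check_dir;` is never canonicalised, so a link target containing `..` segments still begins with `$fixed_homedir` textually and passes the `substr()` prefix comparison while resolving outside the customer home directory. Resolve the path before comparing, e.g. `$check_dir = realpath($link_dir . '/' . $check_dir);`, and throw when the result is `false`; the same applies to absolute targets returned by `readlink()`. The prefix test would also accept a sibling directory whose name merely starts with the home directory's name unless `$fixed_homedir` always ends in `/`, which is not visible in this hunk. `readlink()` itself can return `false` and should be checked before the `substr()` calls. `makeCorrectDir()` starts and ends outside this hunk, so an existing normalisation step elsewhere in the function cannot be ruled out from here.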
