parent
0eac53bdd1
commit
fb2aa1730c
@ -391,7 +391,6 @@ class Controller extends Extendable
|
|||
*/
|
||||
protected function execAjaxHandlers()
|
||||
{
|
||||
|
||||
if ($handler = $this->getAjaxHandler()) {
|
||||
try {
|
||||
/*
|
||||
|
|
@ -406,6 +405,12 @@ class Controller extends Extendable
|
|||
*/
|
||||
if ($partialList = trim(Request::header('X_OCTOBER_REQUEST_PARTIALS'))) {
|
||||
$partialList = explode('&', $partialList);
|
||||
|
||||
foreach ($partialList as $partial) {
|
||||
if (!preg_match('/^(?!.*\/\/)[a-z0-9\_][a-z0-9\_\-\/]*$/i', $partial)) {
|
||||
throw new SystemException(Lang::get('cms::lang.partial.invalid_name', ['name'=>$partial]));
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$partialList = [];
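Review bot: The partial-name pattern on the `if (!preg_match(...))` line ends in `$` without the `D` modifier, so PCRE also accepts a value with one trailing newline (`"foo\n"` matches) even though the character class itself excludes it; `'/^(?!.*\/\/)[a-z0-9\_][a-z0-9\_\-\/]*$/iD'` (or `\z` in place of `$`) closes that gap. Whether a header value with an embedded newline can reach this loop after `trim()` and `explode('&', …)` depends on `Request::header`, which is not visible here, so this is cheap insurance rather than a demonstrated bypass. The rule the regex enforces is worth stating above the check, e.g. `// Partial names: first char [a-z0-9_], then [a-z0-9_/-]; no dots and no '//', so neither a '..' segment nor an empty segment can appear`. The `try` block opened in this hunk continues beyond it.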
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@
|
|||
<script src="<?= Url::asset('modules/system/assets/ui/storm-min.js') ?>"></script>
|
||||
<script src="<?= Url::to('modules/backend/assets/js/october-min.js') ?>"></script>
|
||||
<script src="<?= Url::to('modules/backend/assets/js/auth/auth.js') ?>"></script>
|
||||
<script src="<?= Url::asset('modules/system/assets/js/lang/lang.'.App::getLocale().'.js') ?>"></script>
|
||||
<?= $this->makeAssets() ?>
|
||||
<?= Block::placeholder('head') ?>
|
||||
<?= $this->makeLayoutPartial('custom_styles') ?>
|
||||
|
|
|
|||
|
|
@ -335,14 +335,6 @@ class MediaManager extends WidgetBase
|
|||
}
|
||||
|
||||
$originalPath = Input::get('originalPath');
|
||||
|
||||
$segments = explode('/', $originalPath);
|
||||
$regexPath = $segments[count($segments)-1];
|
||||
|
||||
if($originalPath != '/' && !$this->validateFileName($regexPath)) {
|
||||
throw new ApplicationException(Lang::get('system::lang.media.invalid_path', compact('originalPath')));
|
||||
}
|
||||
|
||||
$originalPath = MediaLibrary::validatePath($originalPath);
|
||||
$newPath = dirname($originalPath).'/'.$newName;
|
||||
$type = Input::get('type');
|
||||
|
|
@ -394,14 +386,6 @@ class MediaManager extends WidgetBase
|
|||
}
|
||||
|
||||
$path = Input::get('path');
|
||||
|
||||
$segments = explode('/', $path);
|
||||
$regexPath = $segments[count($segments)-1];
|
||||
|
||||
if($path != '/' && !$this->validateFileName($regexPath)) {
|
||||
throw new ApplicationException(Lang::get('system::lang.media.invalid_path', compact('path')));
|
||||
}
|
||||
|
||||
$path = MediaLibrary::validatePath($path);
|
||||
|
||||
$newFolderPath = $path.'/'.$name;
|
||||
|
|
|
|||
|
|
@ -340,7 +340,7 @@ class Theme
|
|||
if (is_string($result)) {
|
||||
$fileName = File::symbolizePath($result);
|
||||
|
||||
if (File::isLocalPath($fileName) || realpath($fileName) !== false) {
|
||||
if (File::isLocalPath($fileName)) {
|
||||
$path = $fileName;
|
||||
}
|
||||
else {
|
||||
|
|
|
|||
|
|
@ -472,21 +472,28 @@ class MediaLibrary
|
|||
return $path;
|
||||
}
|
||||
|
||||
/*
|
||||
* Validate folder names
|
||||
*/
|
||||
if (!preg_match('/^[0-9a-z@\.\s_\-\/]+$/i', $path)) {
|
||||
throw new ApplicationException(Lang::get('system::lang.media.invalid_path', compact('path')));
|
||||
}
|
||||
|
||||
$regexDirectorySeparator = preg_quote('/', '#');
|
||||
$regexDot = preg_quote('.', '#');
|
||||
$regex = [
|
||||
// Checks for parent or current directory reference at beginning of path
|
||||
// Beginning of path
|
||||
'(^'.$regexDot.'+?'.$regexDirectorySeparator.')',
|
||||
|
||||
// Check for parent or current directory reference in middle of path
|
||||
// Middle of path
|
||||
'('.$regexDirectorySeparator.$regexDot.'+?'.$regexDirectorySeparator.')',
|
||||
|
||||
// Check for parent or current directory reference at end of path
|
||||
// End of path
|
||||
'('.$regexDirectorySeparator.$regexDot.'+?$)',
|
||||
];
|
||||
|
||||
/*
|
||||
* Combine everything to one regex
|
||||
* Validate invalid paths
|
||||
*/
|
||||
$regex = '#'.implode('|', $regex).'#';
|
||||
if (preg_match($regex, $path) !== 0 || strpos($path, '//') !== false) {
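Review bot: The three traversal patterns assembled into `$regex` each require a `/` adjacent to the dot run (`^\.+?/`, `/\.+?/`, `/\.+?$`), so a bare `.` or `..` with no separator is only caught if the normalization above this hunk (only its `return $path;` early exit is visible) always prefixes a slash; a `validatePath('..')` case in MediaLibraryTest would pin that. In the whitelist `'/^[0-9a-z@\.\s_\-\/]+$/i'`, which appears to be the newly added side, `\s` admits CR, LF, tab and vertical whitespace rather than just a space, which is broader than a media path needs; `'/^[0-9a-z@\. _\-\/]+$/iD'` keeps plain spaces and also makes the final `$` reject a trailing newline. The ASCII-only whitelist also rejects any non-ASCII file name that the dot-only check used to accept, a behaviour change worth calling out in the commit message. `validatePath` begins before this hunk.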
|
||||
|
|
|
|||
|
|
@ -141,7 +141,7 @@ trait ConfigMaker
|
|||
|
||||
$fileName = File::symbolizePath($fileName);
|
||||
|
||||
if (File::isLocalPath($fileName) || realpath($fileName) !== false) {
|
||||
if (File::isLocalPath($fileName)) {
|
||||
return $fileName;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -194,7 +194,7 @@ trait ViewMaker
|
|||
|
||||
$fileName = File::symbolizePath($fileName);
|
||||
|
||||
if (File::isLocalPath($fileName) || realpath($fileName) !== false) {
|
||||
if (File::isLocalPath($fileName)) {
|
||||
return $fileName;
|
||||
}
|
||||
|
||||
|
|
@ -221,7 +221,7 @@ trait ViewMaker
|
|||
*/
|
||||
public function makeFileContents($filePath, $extraParams = [])
|
||||
{
|
||||
if (!strlen($filePath) || !File::isFile($filePath)) {
|
||||
if (!strlen($filePath) || !File::isFile($filePath) || !File::isLocalPath($filePath)) {
|
||||
return '';
|
||||
}
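Review bot: In the new condition of `makeFileContents`, `File::isFile($filePath)` is evaluated before `File::isLocalPath($filePath)`, so a path that is about to be rejected as non-local is still handed to a filesystem probe first; if `isFile` wraps `is_file()`, that probe itself resolves stream wrappers such as `phar://` on older PHP releases, which is exactly what the locality check is meant to keep away from user-influenced paths. Running the string check first avoids that: `if (!strlen($filePath) || !File::isLocalPath($filePath) || !File::isFile($filePath)) {`. What `File::isLocalPath` accepts is not visible here, so this assumes it is a pure path/prefix test with no I/O of its own. The remainder of the method body lies outside the hunk.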
|
||||
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@ class MediaLibraryTest extends TestCase // @codingStandardsIgnoreLine
|
|||
{
|
||||
$this->expectException('ApplicationException');
|
||||
MediaLibrary::validatePath($path);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|