Clean $type parameter + clean, check_abs_path removes folder references

#security
chamilo · Jan 28, 2021 · eb823e7 · eb823e7
1 parent e8332fd
commit eb823e7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/main/document/download_uploaded_files.php b/main/document/download_uploaded_files.php
@@ -16,6 +16,8 @@
 if (empty($courseInfo)) {
     $courseInfo = api_get_course_info();
 }
+$type = preg_replace("/[^a-zA-Z]+/", '', $type);
+
 if (empty($courseInfo) || empty($type) || empty($file)) {
     api_not_allowed(true);
 }

diff --git a/main/inc/lib/security.lib.php b/main/inc/lib/security.lib.php
@@ -58,6 +58,8 @@ public static function check_abs_path($abs_path, $checker_path)
             return false;
         }
 
+        // Clean $abs_path.
+        $abs_path = str_replace(['//', '../', './'], ['/', '', ''], $abs_path);
         $true_path = str_replace("\\", '/', realpath($abs_path));
         $checker_path = str_replace("\\", '/', realpath($checker_path));