Changeset 20714 for trunk/plugins/LocalFilesEditor/include/tpl.inc.php

Timestamp:

Feb 12, 2013, 11:19:57 AM (11 years ago)

Author:

plg

Message:

merge r20712 from branch 2.4 to trunk

bug 2844: increase security on LocalFiles Editor, filter on files to edit.

File:

• trunk/plugins/LocalFilesEditor/include/tpl.inc.php (modified) (4 diffs)

trunk/plugins/LocalFilesEditor/include/tpl.inc.php

@@ -1 +1 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
+$edited_file = '';
+
+if (isset($_POST['edit']))
+{
+  $_POST['template'] = $_POST['file_to_edit'];
+}
+
+if (!empty($_POST['template']))
+{
+  if (preg_match('#\.\./#', $_POST['template']))
+  {
+    die('Hacking attempt! template extension must be in template-extension directory');
+  }
+
+  if (!preg_match('#\.tpl$#', $_POST['template']))
+  {
+    die('Hacking attempt! template extension must be a *.tpl file');
+  }
+
+  $template->assign('template', $_POST['template']);
+  
+  $edited_file = './template-extension/'.$_POST['template'];
+}
+
 $content_file = '';
-
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (file_exists($edited_file))
 {
-  $edited_file = $_POST['file_to_edit'];
-  if (file_exists($edited_file))
-  {
-    $content_file = file_get_contents($edited_file);
-  }
-  else
-  {
-    $content_file = '';
-  }
+  $content_file = file_get_contents($edited_file);
 }
 
@@ -51 +64 @@
   else
   {
+    $template->assign('template', $filename);
     $edited_file = $_POST['tpl_parent'] . '/' . $filename;
     $content_file = ($_POST['tpl_model'] == '0') ? '' : file_get_contents($_POST['tpl_model']);
@@ -118 +132 @@
   foreach (get_extents() as $pwg_template)
   {
-    $value = './template-extension/' . $pwg_template;
+    $value = $pwg_template;
     $options[$value] =  str_replace('/', ' / ', $pwg_template);
     if ($edited_file == $value) $selected = $value;
@@ -127 +141 @@
     $selected = $edited_file;
   }
-  $template->assign('css_lang_tpl', array(
-    'OPTIONS' => $options,
-    'SELECTED' => $selected,
-    'NEW_FILE_URL' => $my_base_url.'-tpl&amp;newfile',
-    'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
-    )
-  );
+  $template->assign(
+    'css_lang_tpl',
+    array(
+      'SELECT_NAME' => 'file_to_edit',
+      'OPTIONS' => $options,
+      'SELECTED' => $selected,
+      'NEW_FILE_URL' => $my_base_url.'-tpl&amp;newfile',
+      'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
+      )
+    );
 }