[SOLVED] url restriction help

[zipp]

Hello.  With the content management system I'm working with, I have it set up to display urls like "index.php?dir=uploads" the problem is, some one can go "index.php?dir=../../"

 

I am thinking a preg_replace, or something similar. any ideas?

 

maybe somehow set "dir=uploads" as the max folder to go back

 

here is the script im working with:

<table width="150" border="0">
<?php
// show directory content
$dir = "upload/";
function showDir($dir, $i, $maxDepth){
    $i++;
    if($checkDir = opendir($dir)){
        $cDir = 0;
        $cFile = 0;
        // check all files in $dir, add to array listDir or listFile
        while($file = readdir($checkDir)){
            if($file != "." && $file != ".."){
                if(is_dir($dir . "/" . $file)){
                    $listDir[$cDir] = $file;
                    $cDir++;
                }
                else{
                    $listFile[$cFile] = $file;
                    $cFile++;
                }
            }
        }
       
        // show directories
        if(count($listDir) > 0){
            sort($listDir);
            for($j = 0; $j < count($listDir); $j++){
                echo "
                <tr>";
                    $spacer = "";
                    for($l = 0; $l < $i; $l++) $spacer .= " ";
                    // create link
                    $link = "<a href=\"" . $_SERVER["PHP_SELF"] . "?dir=" . $dir . "/" . $listDir[$j] . "\">$listDir[$j]</a>";
                    echo "<td>" . $spacer . $link . "</td>
                </tr>";
                // list all subdirectories up to maxDepth
                if($i < $maxDepth) showDir($dir . "/" . $listDir[$j], $i, $maxDepth);
            }
        }

        // show files
        if(count($listFile) > 0){
            sort($listFile);
            for($k = 0; $k < count($listFile); $k++){
                $spacer = "~>";
                for($l = 0; $l < $i; $l++); //for($l = 0; $l < $i; $l++) $spacer .= " "
			echo "
                <tr>
                    <td>" . $spacer . $listFile[$k] . "</td>
                </tr>"; 
            }
        }       
        closedir($checkDir);
    }
}

if($_GET["dir"] == "" || !is_dir($_GET["dir"])) $dir = getcwd();
else $dir = $_GET["dir"];
// replace backslashes, not necessary, but better to look at
$dir = str_replace("\\", "/", $dir);

/*if (preg_match(".../", $dir)){
$dir = "upload/";
}*/

// show parent path
$pDir = pathinfo($dir);
$parentDir = $pDir["dirname"];

echo "<a href=\"index.php?dir=upload\"><h3>Home</h3></a>";
echo "Current directory: " . $dir . "<br><br>";
//echo "<a href=\"" . $_SERVER["PHP_SELF"] . "?dir=$parentDir\"><h4>Parent directory: $parentDir</h4></a>";

// Display directory content
echo"<table border=0 cellspacing=0 cellpadding=2 width=150>
<tr><th align=left>User & Files</th>";

// specifies the maxDepth of included subdirectories
// set maxDepth to 0 if u want to display the current directory
$maxDepth = 1;
showDir($dir, -1, $maxDepth);
?>
</table>

[wildteen88]

Change these lines:

if($_GET["dir"] == "" || !is_dir($_GET["dir"])) $dir = getcwd();
else $dir = $_GET["dir"];
// replace backslashes, not necessary, but better to look at
$dir = str_replace("\\", "/", $dir);

to:

if(isset($_GET['dir']))
{
    $_GET['dir'] = str_replace("\\", "/", $_GET['dir']);

    if(preg_match("#(./|\.\./)#", $_GET['dir'], $matches) || empty($_GET['dir']))
    {
        $dir = getcwd();
    }
    elseif(!empty($_GET['dir']) && !is_dir($_GET['dir']))
    {
        $dir = getcwd();
    }
    else
    {
        $dir = $_GET['dir'];
    }
}

[zipp]

Thank you for your help. You have ended my great deal of stress