
[SOLVED] url restriction help


zipp


Hello. With the content management system I'm working with, I have it set up to display URLs like "index.php?dir=uploads". The problem is, someone can go "index.php?dir=../../".

 

I am thinking of a preg_replace, or something similar. Any ideas?

 

Maybe somehow set "dir=uploads" as the max folder to go back to.

 

Here is the script I'm working with:

<table width="150" border="0">
<?php
// show directory content
$dir = "upload/";
function showDir($dir, $i, $maxDepth){
    $i++;
    if($checkDir = opendir($dir)){
        $cDir = 0;
        $cFile = 0;
        // initialise both lists so count() below is safe when a directory has no subdirectories or no files
        $listDir = array();
        $listFile = array();
        // check all files in $dir, add to array listDir or listFile
        while($file = readdir($checkDir)){
            if($file != "." && $file != ".."){
                if(is_dir($dir . "/" . $file)){
                    $listDir[$cDir] = $file;
                    $cDir++;
                }
                else{
                    $listFile[$cFile] = $file;
                    $cFile++;
                }
            }
        }
       
        // show directories
        if(count($listDir) > 0){
            sort($listDir);
            for($j = 0; $j < count($listDir); $j++){
                echo "
                <tr>";
                    $spacer = "";
                    for($l = 0; $l < $i; $l++) $spacer .= " ";
                    // create link
                    $link = "<a href=\"" . $_SERVER["PHP_SELF"] . "?dir=" . $dir . "/" . $listDir[$j] . "\">$listDir[$j]</a>";
                    echo "<td>" . $spacer . $link . "</td>
                </tr>";
                // list all subdirectories up to maxDepth
                if($i < $maxDepth) showDir($dir . "/" . $listDir[$j], $i, $maxDepth);
            }
        }

        // show files
        if(count($listFile) > 0){
            sort($listFile);
            for($k = 0; $k < count($listFile); $k++){
                $spacer = "~>";
                // per-level indentation of files is disabled; they are only prefixed with "~>"
                // for($l = 0; $l < $i; $l++) $spacer .= " ";
                echo "
                <tr>
                    <td>" . $spacer . $listFile[$k] . "</td>
                </tr>"; 
            }
        }       
        closedir($checkDir);
    }
}

// the request parameter is used as the directory with no restriction:
// this is what lets "?dir=../../" walk outside the upload folder
if(empty($_GET["dir"]) || !is_dir($_GET["dir"])) $dir = getcwd();
else $dir = $_GET["dir"];
// replace backslashes, not necessary, but better to look at
$dir = str_replace("\\", "/", $dir);

/*if (preg_match(".../", $dir)){
$dir = "upload/";
}*/

// show parent path
$pDir = pathinfo($dir);
$parentDir = $pDir["dirname"];

echo "<a href=\"index.php?dir=upload\"><h3>Home</h3></a>";
echo "Current directory: " . $dir . "<br><br>";
//echo "<a href=\"" . $_SERVER["PHP_SELF"] . "?dir=$parentDir\"><h4>Parent directory: $parentDir</h4></a>";

// Display directory content
echo"<table border=0 cellspacing=0 cellpadding=2 width=150>
<tr><th align=left>User & Files</th>";

// specifies the maxDepth of included subdirectories
// set maxDepth to 0 if u want to display the current directory
$maxDepth = 1;
showDir($dir, -1, $maxDepth);
?>
</table>
</table><!-- closes the outer table opened at the top of the script -->

https://forums.phpfreaks.com/topic/62440-solved-url-restriction-help/

Change these lines:

if($_GET["dir"] == "" || !is_dir($_GET["dir"])) $dir = getcwd();
else $dir = $_GET["dir"];
// replace backslashes, not necessary, but better to look at
$dir = str_replace("\\", "/", $dir);

to:

if(isset($_GET['dir']))
{
    // normalise backslashes first so the pattern below only has to look for "/"
    $_GET['dir'] = str_replace("\\", "/", $_GET['dir']);

    // reject any "./" or "../" component; the dots must be escaped, otherwise "."
    // matches any character and every path containing a "/" would be rejected
    if(preg_match("#(\./|\.\./)#", $_GET['dir']) || empty($_GET['dir']))
    {
        $dir = getcwd();
    }
    elseif(!is_dir($_GET['dir']))
    {
        $dir = getcwd();
    }
    else
    {
        $dir = $_GET['dir'];
    }
}
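A containment check based on the canonical path, as an added example that is not code from the original thread: rejecting the substrings "./" and "../" only covers some spellings of a traversal, whereas resolving the requested directory with realpath() and verifying that the result stays under the allowed base catches every spelling, symlinks included. The function name resolveUploadDir() and the base path `__DIR__ . '/upload'` are assumptions; links emitted by showDir() would then carry paths relative to that base.

```php
<?php
// Added example, not from the original thread. Instead of rejecting the
// substrings "./" and "../", resolve the requested directory to its canonical
// path and require it to stay inside an allowed base directory.
// resolveUploadDir() and the base path are names chosen for this example.

/**
 * Return the canonical path of the requested directory if it lies inside
 * $baseDir, or null if it does not exist, is not a directory, or escapes.
 */
function resolveUploadDir($requested, $baseDir)
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // the base directory itself is missing
    }

    // Empty or absent parameter: show the base directory itself.
    if ($requested === null || $requested === '') {
        return $base;
    }

    // Treat the parameter as relative to the base, normalise backslashes,
    // and let realpath() collapse "." and ".." components and symlinks.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . str_replace('\\', '/', $requested));
    if ($candidate === false || !is_dir($candidate)) {
        return null; // does not exist, or is a file rather than a directory
    }

    // Containment: the canonical path must be the base itself or start with
    // base + separator, so a sibling such as "upload2" is not accepted as a
    // child of "upload".
    if ($candidate !== $base
        && strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    return $candidate;
}

$base = __DIR__ . '/upload';
$dir = resolveUploadDir(isset($_GET['dir']) ? $_GET['dir'] : null, $base);
if ($dir === null) {
    // Fall back to the base; never echo the raw parameter back to the page.
    $dir = realpath($base);
}
// Display the path relative to the base (not the server's absolute path), escaped.
$relative = 'upload' . str_replace(DIRECTORY_SEPARATOR, '/', substr($dir, strlen(realpath($base))));
echo "Current directory: " . htmlspecialchars($relative, ENT_QUOTES, 'UTF-8') . "<br><br>";
```

Because the check runs on the resolved filesystem path rather than on the request string, a rejected request falls back to the upload directory no matter how the escape was written.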
