From 9caf7e3c4588b9e5f3c4471e0ba6597a49a44941 Mon Sep 17 00:00:00 2001
From: steckbrief
Date: Mon, 19 Sep 2016 12:48:23 +0200
Subject: [PATCH] add access check to i.php for every file request

---
 i.php | 44 +++++------------------------------
 include/access_check.inc.php | 41 +++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 38 deletions(-)
 create mode 100644 include/access_check.inc.php

diff --git a/i.php b/i.php
index 8b3e89bcd..2225f09dd 100644
--- a/i.php
+++ b/i.php
@@ -29,8 +29,7 @@
 defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
 defined('PWG_DERIVATIVE_DIR') or define('PWG_DERIVATIVE_DIR', $conf['data_location'].'i/');
 @include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');
-
-include(PHPWG_ROOT_PATH . 'include/Logger.class.php');
+include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 
 $logger = new Logger(array(
   'directory' => PHPWG_ROOT_PATH . $conf['data_location'] . $conf['log_dir'],
@@ -41,40 +40,6 @@ $logger = new Logger(array(
   'filename' => 'log_' . date('Y-m-d') . '_' . sha1(date('Y-m-d') . $conf['db_password']) . '.txt',
 ));
 
-
-function trigger_notify() {}
-function get_extension( $filename )
-{
-  return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) );
-}
-
-function mkgetdir($dir)
-{
-  if ( !is_dir($dir) )
-  {
-    global $conf;
-    if (substr(PHP_OS, 0, 3) == 'WIN')
-    {
-      $dir = str_replace('/', DIRECTORY_SEPARATOR, $dir);
-    }
-    $umask = umask(0);
-    $mkd = @mkdir($dir, $conf['chmod_value'], true);
-    umask($umask);
-    if ($mkd==false && !is_dir($dir) /* retest existence because of potential concurrent i.php with slow file systems*/)
-    {
-      return false;
-    }
-
-    $file = $dir.'/index.htm';
-    file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
-  }
-  if ( !is_writable($dir) )
-  {
-    return false;
-  }
-  return true;
-}
-
 // end fast bootstrap
 
 function ierror($msg, $code)
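Review bot: The bootstrap now loads the full `common.inc.php` on every derivative request, yet the `// end fast bootstrap` marker that survives as context in the next hunk still advertises the old lightweight startup, so the two now contradict each other. The switch is presumably needed because `checkAccess()` (called from `send_derivative()` in a later hunk) depends on `pwg_query()`/`pwg_db_num_rows()` and on the current user's context, which the removed Logger-only include never provided; state that where the include is made, e.g. `// full bootstrap: checkAccess() in send_derivative() needs the DB layer and the current user`, and reword the stale marker to `// end bootstrap`. It is also worth confirming whether the `@include(...database.inc.php)` two lines above is still required once common.inc.php is loaded, since a redundant include of the database configuration is harmless but misleading to the next reader.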
@@ -258,11 +223,11 @@ function parse_request()
     }
   }
 
-  if (is_file(PHPWG_ROOT_PATH.$req.$ext))
+  if (@is_file(PHPWG_ROOT_PATH.$req.$ext))
   {
     $req = './'.$req; // will be used to match #iamges.path
   }
-  elseif (is_file(PHPWG_ROOT_PATH.'../'.$req.$ext))
+  elseif (@is_file(PHPWG_ROOT_PATH.'../'.$req.$ext))
   {
     $req = '../'.$req;
   }
@@ -345,6 +310,9 @@ function try_switch_source(DerivativeParams $params, $original_mtime)
 function send_derivative($expires)
 {
   global $page;
+
+  include_once(PHPWG_ROOT_PATH.'include/access_check.inc.php');
+  checkAccess();
 
   if (isset($_GET['ajaxload']) and $_GET['ajaxload'] == 'true')
   {
diff --git a/include/access_check.inc.php b/include/access_check.inc.php
new file mode 100644
index 000000000..26f77afa9
--- /dev/null
+++ b/include/access_check.inc.php
@@ -0,0 +1,41 @@
+ 'category_id',
+      'forbidden_images' => 'image_id',
+    ),
+    ' AND'
+  ).'
+  LIMIT 1;';
+  if (pwg_db_num_rows(pwg_query($query)) < 1) {
+    doError(401, 'Access denied');
+  }
+}
\ No newline at end of file
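Review bot: The `@` added to both `is_file()` calls hides every diagnostic those calls can raise (open_basedir restrictions, permission problems on the `../` parent-directory probe) without the commit saying why it became necessary; a silenced failure simply falls through to the next branch and the request ends with a less informative error. If the suppression is there because `common.inc.php` now installs an error handler that turns such notices into an abort or into log noise, record that next to the call, e.g. `// @: common.inc.php's error handler would otherwise abort on an open_basedir notice for the ../ probe`; if that is not the reason, drop the `@` so misconfiguration stays visible in the log. parse_request() starts and ends outside this hunk.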
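Review bot: `checkAccess()` is invoked inside `send_derivative()`, i.e. at delivery time, so whatever runs before that point on the request path — at least the lookup in `parse_request()`, and, if the `try_switch_source()` context above is any indication, the derivative generation and cache write as well — still happens for a caller who is then denied, which leaves the expensive resize path reachable by users who may not view the image. For a check whose purpose is to keep forbidden images from being served, the cheaper and safer place is right after the request is parsed and before any image processing, with the call in `send_derivative()` kept only as a last line of defence. Moving the `include_once` up to the top-level include block next to `common.inc.php` would also keep all bootstrap includes in one place and make the dependency visible without reading the function body. send_derivative() continues outside the hunk.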
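Review bot: `doError(401, 'Access denied')` uses 401, which signals missing or failed authentication and is expected to be accompanied by a `WWW-Authenticate` challenge; for a known user who merely lacks permission the conventional status is 403, so `doError(403, 'Access denied');` is the better fit (or 404 if the gallery treats the existence of hidden images as confidential). Unless `doError()` is documented to terminate the script, follow it with an explicit `exit;` — if it only emits the status and returns, `checkAccess()` returns normally and `send_derivative()` goes on to stream the file, silently defeating the check. The head of this new file (the opening tag, the function header and the start of the `$query` assignment) is not legible in this rendering, so the query construction could not be reviewed; it should at least carry a comment naming which request inputs it filters on. The file also lacks a trailing newline.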