authorMarc Alexander <admin@m-a-styles.de>2015-02-02 15:02:41 +0100
committerMarc Alexander <admin@m-a-styles.de>2015-02-02 15:59:52 +0100
commit19421fcdef62e50ea335967cc7e4487e7548db87 (patch)
treee608279c5e46c61d81339f01e4977b651adacc22
parent727359156062b49c1b9da75bde6dda8038a7069b (diff)
[ticket/13568] Validate imagick path as readable absolute path
PHPBB3-13568
-rw-r--r--phpBB/adm/index.php36
-rw-r--r--phpBB/includes/acp/acp_attachments.php2
2 files changed, 37 insertions, 1 deletions
diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index 85908476a1..885c8f0a1c 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -562,6 +562,42 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
}
break;
+
+ // Absolute file path
+ case 'wapath':
+ case 'apath':
+ if (!$cfg_array[$config_name])
+ {
+ break;
+ }
+
+ $cfg_array[$config_name] = trim($cfg_array[$config_name]);
+
+ // Make sure no NUL byte is present...
+ if (strpos($cfg_array[$config_name], "\0") !== false || strpos($cfg_array[$config_name], '%00') !== false)
+ {
+ $cfg_array[$config_name] = '';
+ break;
+ }
+
+ if (!file_exists($cfg_array[$config_name]))
+ {
+ $error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
+ }
+ else if (!is_dir($cfg_array[$config_name]))
+ {
+ $error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
+ }
+
+ // Check if the path is writable
+ if ($config_definition['validate'] === 'wapath')
+ {
+ if (file_exists($cfg_array[$config_name]) && !phpbb_is_writable($cfg_array[$config_name]))
+ {
+ $error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
+ }
+ }
+ break;
}
}
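Review bot: Nothing in the new `apath`/`wapath` case checks that the path is absolute or readable, although the comment says "Absolute file path" and the commit title promises a readable absolute path; an existing relative directory passes `file_exists()` and `is_dir()` and is stored as given. Before the existence checks I would reject any value that does not start at a filesystem root, and add `else if (!is_readable($cfg_array[$config_name]))` after the `is_dir()` branch, each reporting through `$error[]` like the other branches. The NUL-byte branch also blanks the value and breaks without adding to `$error[]`, so the admin gets no message and the setting is silently cleared; pushing an error there would make rejected input visible. `validate_config_vars()` starts and ends outside this hunk, so earlier normalisation may exist that is not visible here.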
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 147783feae..325c6b63cb 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -127,7 +127,7 @@ class acp_attachments
'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
- 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'path', 'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
+ 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'apath', 'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
)
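Review bot: Switching `img_imagick` to `'validate' => 'apath'` only constrains values submitted through this form from now on; a value saved earlier under the old `'path'` rule stays in the stored configuration until an admin resubmits it. If this setting is later used to locate the ImageMagick binary (not visible on this page), that consumer should re-check the stored value rather than assume it passed the new validator. A short comment above the entry would also help, for example `// 'apath': must be an existing directory, checked on submit in validate_config_vars()`. The surrounding config array starts and ends outside this hunk.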