mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-04-30 06:49:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add 'root' folder protection to filetree

Browse Source
This commit is contained in:
bergware
2021-08-23 17:48:14 +02:00
parent 7a435c6338
commit f4eef78d94
3 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/dynamix/include/FileTree.php
+18 -6
View File
@@ -24,22 +24,34 @@
* -> prevents debug users from exploring system's directory structure
* ex: $root = $_SERVER['DOCUMENT_ROOT'];
*/
$root = '/';
function path($dir) {
return mb_substr($dir,-1)=='/' ? $dir : $dir.'/';
}
function is_top($dir) {
global $root;
return strlen($dir)>strlen($root);
}
function is_low($dir) {
global $root;
return substr($dir,0,strlen($root))==$root;
}
$root = path(realpath($_POST['root']));
if (!$root) exit("ERROR: Root filesystem directory not set in jqueryFileTree.php");
$docroot = '/usr/local/emhttp';
$docroot = '/usr/local/emhttp';
require_once "$docroot/webGui/include/Secure.php";
$rootdir = realpath($root.$_POST['dir']);
$rootdir = path(realpath($_POST['dir']));
$filters = (array)($_POST['filter']);
$match = unbundle($_POST['match']);
$checkbox = $_POST['multiSelect']=='true' ? "<input type='checkbox'>" : "";
echo "<ul class='jqueryFileTree'>";
if ($_POST['show_parent']=='true') echo "<li class='directory collapsed'>$checkbox<a href='#' rel=\"".htmlspecialchars(dirname($rootdir))."/\">..</a></li>";
if ($_POST['show_parent']=='true' && is_top($rootdir)) echo "<li class='directory collapsed'>$checkbox<a href='#' rel=\"".htmlspecialchars(dirname($rootdir))."\">..</a></li>";
if (is_dir($rootdir)) {
if (mb_substr($rootdir,-1)!='/') $rootdir .= '/';
if (is_low($rootdir) && is_dir($rootdir)) {
$names = array_filter(scandir($rootdir),function($n){return $n!='.' && $n!='..';});
if (count($names)) {
natcasesort($names);