null byte injection check

2 years ago · adbc870914
parent 3772e4d386
commit adbc870914
2 changed files with 8 additions and 3 deletions
--- a/src/bootstrap/requires.php
+++ b/src/bootstrap/requires.php
@ -20,13 +20,18 @@ final class requires {
    }

    public static function is_dangerous(string $file): bool {
+        // Make sure the file does not contain null bytes to avoid PHAR file attacks
+        if (strpos($file, "\x00") !== false) {
+            return true;
+        }
+
        // Remove non-visible characters
        $file = preg_replace('/[\x00-\x1F\x7F]/u', '', $file);
        
-        if (strpos($file, "..") !== false) {
+        if (strpos($file, "..") !== false || strpos($file, "./") !== false) {
            return true; // .. Too dangerious, up path attack
        }
-
+ 
        /*
         * :// Too dangerious, PHAR file execution of serialized code injection, etc...
         * Also, prevent remote code execution from http://, ftp://
--- a/src/classes/database/paginate.php
+++ b/src/classes/database/paginate.php
@ -41,7 +41,7 @@ class paginate {
        return ($limit > $this->max_limit) ? $this->max_limit : $limit;
    }
    
-    public function mongo_get_data(int $limit = 10, int $page = 1, array $options) {
+    public function mongo_get_data(int $limit = 10, int $page = 1, array $options = []) {
        $this->_limit = $this->set_limit($limit); // Number of items per page
        $this->_page = $page; // The current page number