twb
/
tts_framework
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

null byte injection check

Browse Source
main
Robert 2 years ago
parent 3772e4d386
commit adbc870914
2 changed files with 8 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      src/bootstrap/requires.php
  2. 2
      src/classes/database/paginate.php

7
src/bootstrap/requires.php
Unescape View File

@ -20,10 +20,15 @@ final class requires {
}
public static function is_dangerous(string $file): bool {
// Make sure the file does not contain null bytes to avoid PHAR file attacks
if (strpos($file, "\x00") !== false) {
return true;
}
// Remove non-visible characters
$file = preg_replace('/[\x00-\x1F\x7F]/u', '', $file);
if (strpos($file, "..") !== false) {
if (strpos($file, "..") !== false || strpos($file, "./") !== false) {
return true; // .. Too dangerious, up path attack
}

2
src/classes/database/paginate.php
Unescape View File

@ -41,7 +41,7 @@ class paginate {
return ($limit > $this->max_limit) ? $this->max_limit : $limit;
}
public function mongo_get_data(int $limit = 10, int $page = 1, array $options) {
public function mongo_get_data(int $limit = 10, int $page = 1, array $options = []) {
$this->_limit = $this->set_limit($limit); // Number of items per page
$this->_page = $page; // The current page number

Write Preview
Loading…
Cancel
Save