author | Peter Wu <lekensteyn@gmail.com> | 2013-10-09 00:08:23 +0200 |
committer | Peter Wu <lekensteyn@gmail.com> | 2013-10-09 00:08:23 +0200 |
commit | 7b060df85dd4ad3cc2236886fab2e7541ae58cb9 (patch) | |
tree | 177d2504e7bf7868399f700ac12afa33914f8231 | |
parent | 98d5f7c43312e5cba33d7dca38b3fcffc10cd645 (diff) | |
download | scripts-7b060df85dd4ad3cc2236886fab2e7541ae58cb9.tar.gz |
tmp-upload: open_basedir fixes
-rwxr-xr-x | tmp-upload | 18 |
1 files changed, 13 insertions, 5 deletions
@@ -22,6 +22,7 @@ startline=$(grep -hn -F -m 1 "# stuff ""below" "$0" | cut -d: -f1)
 tail -n+$((startline+1)) "$0" > "$out"
 php -d post_max_size=128M -d upload_max_filesize=128M \
+ -d open_basedir="$out:$(pwd)/" \
 -S "$host:$port" "$out"
 exit
 # stuff below
@@ -63,7 +64,13 @@ if (is_dir($path)) {
 exit;
 }
- $relDir = substr($path, strlen($path . DIRECTORY_SEPARATOR));
+ /* remove common prefix */
+ $rootDir = realpath(".");
+ if ($cwdir == '/') {
+ $relDir = substr($path, strlen($cwdir));
+ } else {
+ $relDir = substr($path, strlen($cwdir . DIRECTORY_SEPARATOR));
+ }
 if (!strlen($relDir)) {
 $relDir = '.';
 }
@@ -133,7 +140,7 @@ function saveUpload($upload) {
 <!doctype html>
 <meta charset="UTF-8">
 <meta name="viewport" content="initial-scale=1">
-<form action="/" method="POST" enctype="multipart/form-data">
+<form action="." method="POST" enctype="multipart/form-data">
 <input type="file" name="file[]" multiple>
 <input type="submit" value="Upload">
 </form>
@@ -149,10 +156,11 @@ date_default_timezone_set('Europe/Amsterdam');
 $dir = new DirectoryIterator($path);
 foreach ($dir as $f) {
- if ($f->isDot()) {
- //continue;
- }
 $filename = $f->getFilename();
+ /* skip top-level directory due to basedir restrictions */
+ if ($filename == '..' && $relDir == '.' . DIRECTORY_SEPARATOR) {
+ continue;
+ }
 $len = mb_strlen($filename);
 $maxLen = $f->isDir() ? 49 : 50;
 if ($len > $maxLen) { |
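Review bot: The value built on the added `-d open_basedir="$out:$(pwd)/"` line is split by PHP on `:`, so a working directory or `$out` path that itself contains a colon would be read as two unrelated entries and the restriction would silently not cover the directory actually being served. A comment on that line, `# open_basedir is ':'-separated; cwd and $out must not contain ':'`, or a guard before the php call such as `case "$PWD$out" in *:*) echo "path contains ':'" >&2; exit 1;; esac`, would make the limitation visible instead of failing at runtime. The trailing slash on `$(pwd)/` is correct, since open_basedir matches by prefix and without it sibling directories sharing the prefix would also be allowed. Where `$out` is created is outside this hunk.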
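Review bot: `$rootDir = realpath(".");` on the new side is assigned and never read in this hunk; the prefix stripping right below uses `$cwdir`, which is set outside the hunk, so the line is either dead or the wrong variable is being used. Both `substr` calls also assume `$path` begins with `$cwdir`; if it does not (for instance if one of them is realpath-resolved and the other is not, which the hunk does not show), `$relDir` silently becomes an unrelated tail of `$path` rather than a relative directory. Making the assumption explicit with `if (strncmp($path, $cwdir, strlen($cwdir)) !== 0) { exit; }` before the new `if` turns that case into a hard stop instead of a wrong listing. The enclosing block starts before this hunk.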
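Review bot: The new `..` skip compares `$relDir` with `'.' . DIRECTORY_SEPARATOR`, but the earlier hunk in this commit assigns `$relDir = '.'` with no separator for the top-level case, so unless a separator is appended somewhere between the two hunks the condition never matches and `..` is still listed at the top level, where the new open_basedir setting will then reject it. Either accept both spellings, `if ($filename == '..' && rtrim($relDir, DIRECTORY_SEPARATOR) == '.') {`, or normalise `$relDir` once where it is computed so the two places agree. Dropping the commented-out `isDot()` block is fine, but a one-line comment noting that `.` is listed on purpose would save the next reader a question. The foreach body continues past the end of the hunk.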