From 7b060df85dd4ad3cc2236886fab2e7541ae58cb9 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Wed, 9 Oct 2013 00:08:23 +0200
Subject: tmp-upload: open_basedir fixes
---
 tmp-upload | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
(limited to 'tmp-upload')
diff --git a/tmp-upload b/tmp-upload
index 9b5d4d3..670a2e5 100755
--- a/tmp-upload
+++ b/tmp-upload
@@ -22,6 +22,7 @@ startline=$(grep -hn -F -m 1 "# stuff ""below" "$0" | cut -d: -f1)
 tail -n+$((startline+1)) "$0" > "$out"
 php -d post_max_size=128M -d upload_max_filesize=128M \
+ -d open_basedir="$out:$(pwd)/" \
 -S "$host:$port" "$out"
 exit # stuff below
@@ -63,7 +64,13 @@ if (is_dir($path)) {
 exit;
 }
- $relDir = substr($path, strlen($path . DIRECTORY_SEPARATOR));
+ /* remove common prefix */
+ $rootDir = realpath(".");
+ if ($cwdir == '/') {
+ $relDir = substr($path, strlen($cwdir));
+ } else {
+ $relDir = substr($path, strlen($cwdir . DIRECTORY_SEPARATOR));
+ }
 if (!strlen($relDir)) {
 $relDir = '.';
 }
@@ -133,7 +140,7 @@ function saveUpload($upload) {
-
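Review bot: `$out` is added to open_basedir without a trailing separator, and PHP matches open_basedir entries as string prefixes, so any path that merely begins with the temp file's name is allowed as well; because `$out` is a file rather than a directory there is no cleaner spelling, but a comment such as `# open_basedir entries are prefix matches; $out is the router script, $(pwd)/ the upload root` would keep a later reader from "fixing" it. The second entry `$(pwd)/` collapses to `//` when the script is started from the filesystem root, which hunk 2 special-cases on the PHP side; the shell side could use the same guard, e.g. `-d open_basedir="$out:${PWD%/}/"`. A working directory containing `:` would also be split into two entries, since `:` is the separator of this option on Unix-like systems.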
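Review bot: `$rootDir = realpath(".")` is assigned but never read within the hunk, while both `substr` calls strip `$cwdir`, which nothing in the hunk sets; if `$cwdir` is not assigned earlier in the file the prefix stripped is empty (or a single separator) and `$relDir` keeps the absolute path, so the new line should presumably read `$cwdir = realpath(".");` or be dropped. `realpath()` also returns `false` when the directory cannot be resolved, and `strlen(false . DIRECTORY_SEPARATOR)` then silently strips one character; check for `false` before using the prefix. The `substr` further assumes `$path` really starts with the working directory — a `strncmp` check up front would make an out-of-root path fail loudly instead of producing a bogus relative name. The enclosing block starts before the hunk.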
+
@@ -149,10 +156,11 @@ date_default_timezone_set('Europe/Amsterdam');
 $dir = new DirectoryIterator($path);
 foreach ($dir as $f) {
- if ($f->isDot()) {
- //continue;
- }
 $filename = $f->getFilename();
+ /* skip top-level directory due to basedir restrictions */
+ if ($filename == '..' && $relDir == '.' . DIRECTORY_SEPARATOR) {
+ continue;
+ }
 $len = mb_strlen($filename);
 $maxLen = $f->isDir() ? 49 : 50;
 if ($len > $maxLen) {
-- cgit v1.2.1
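Review bot: The new guard compares `$relDir` with `'.' . DIRECTORY_SEPARATOR`, but hunk 2 assigns `$relDir = '.'` for the top-level case without a separator; unless a line between the two hunks appends one, the condition never matches and the `..` entry is still listed, and `$f->isDir()` below still stats it — outside the new open_basedir. Matching both spellings, `if ($filename == '..' && rtrim($relDir, DIRECTORY_SEPARATOR) == '.') {`, would decouple the check from that detail. Whether `.` should appear in the listing is unclear from the removed block (its `continue` was already commented out), so that is worth a sentence in the comment, which could also give the reason rather than the action: `/* '..' of the top-level directory lies outside open_basedir, so stat() on it would warn */`. The foreach body continues past the hunk.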