Commit bcfeef9d authored by sgalinsk's avatar sgalinsk

[TASK] Version 3.2.1


git-svn-id: https://svn.typo3.org/TYPO3v4/Extensions/pmkshadowbox/trunk@76523 735d13b6-9817-0410-8766-e36946ffe9aa
parent 74b4583a
......@@ -2,7 +2,7 @@
/***************************************************************
* Copyright notice
*
* (c) 2010 Peter Klein <pmk@io.dk>
* (c) 2011 Peter Klein <pmk@io.dk>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
......@@ -28,13 +28,15 @@
class tx_pmkshadowbox_printsave {
public function main() {
$image = t3lib_div::_GET('image');
//first check if the requested file has an valid image file extension, not the nicest security feature but at least it prevents from downloading php files like localconf.php.
$image = $this->cleanGPValue(t3lib_div::_GET('image'));
// Check if the requested file has an valid image file extension
$allowedExtensions = t3lib_div::trimExplode(',', (strlen($TYPO3_CONF_VARS['GFX']['imagefile_ext']) > 0 ? $TYPO3_CONF_VARS['GFX']['imagefile_ext'] : 'gif,jpg,jpeg,tif,bmp,pcx,tga,png,pdf,ai'), 1);
$imageInfo = pathinfo($image);
if(!in_array(strtolower($imageInfo['extension']), $allowedExtensions)) { die('You are trying to download a file, which you don\'t have access to'); }
if (!in_array(strtolower($imageInfo['extension']), $allowedExtensions)) die('You are trying to download/print a file, which you don\'t have access to.');
switch (t3lib_div::_GET('mode')) {
if (!is_file(t3lib_div::getFileAbsFileName(str_replace(t3lib_div::getIndpEnv('TYPO3_SITE_URL'),'',$image)))) die('File not found!');
switch ($this->cleanGPValue(t3lib_div::_GET('mode'))) {
case 'print':
$this->print_image($image);
break;
......@@ -117,6 +119,22 @@ class tx_pmkshadowbox_printsave {
}
return true;
}
// Clean GET/POST values to prevent XSS/PoC attacks
private function cleanGPValue($value,$htmlspecialchars = 1) {
// Remove HTML tags in value
$value = strip_tags($value);
// Decode URL-encoded chars
$value = rawurldecode($value);
// Remove all characters with ascii value below 32
$value = preg_replace('/[\x{00}-\x{1F}]/iu', '', $value);
//$value = preg_replace('/\W/si', '', $value);
// Convert special characters to HTML entities
return $htmlspecialchars ? htmlspecialchars($value) : $value;
}
}
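Review bot: In cleanGPValue the decode step runs after the tag-stripping step, so a percent-encoded tag (e.g. `%3C...%3E`) passes `strip_tags` untouched and is only turned back into `<...>` by `rawurldecode` on the following line; the filter holds only because `htmlspecialchars` runs last, and a call with `$htmlspecialchars = 0` keeps the reintroduced tags (note also that `$_GET` values are already URL-decoded by PHP, so this is a second decode). Swapping the two lines, `$value = rawurldecode($value);` then `$value = strip_tags($value);`, makes the stripping apply to the decoded value. The same cleaned value is used as a file path in the `-28,13` hunk: the `is_file` check is made on the site-URL-stripped, `getFileAbsFileName`-resolved path, while `print_image($image)` still receives the unresolved `$image`, and the `htmlspecialchars` step rewrites `&` in a filename to `&amp;`, so the path that was checked and the path that is later used can differ; resolving once, checking that resolved path, and passing it to the print/save calls keeps check and use on the same string. main() continues outside its hunk.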