Commit 35c6e61a authored by fgiasson's avatar fgiasson

Fixed sanitization of OSF Ontology and OSF Import inputs and outputs.

parent 1b2fb44c
......@@ -268,8 +268,12 @@ function osf_import() {
include_once DRUPAL_ROOT . '/' . drupal_get_path('module', 'osf') . '/framework/WebServiceQuerier.php';
include_once DRUPAL_ROOT . '/' . drupal_get_path('module', 'osf') . '/framework/ProcessorXML.php';
if (!isset($_POST["token"]) ||
!drupal_valid_token($_POST["token"], 'osf-import')) {
return drupal_access_denied();
}
$contentType = "";
if (isset($_POST["ctype"])) {
$contentType = $_POST["ctype"];
}
......@@ -307,13 +311,29 @@ function osf_import() {
$defaultEndpoint = osf_configure_get_endpoint_by_uri($wsfAddress);
$rdfDocument = "";
// Make sure that someone couldn't move outside of the /tmp/ directory with that file
if(strpos($_FILES['userfile']['name'], '..'))
{
return "";
}
if (!move_uploaded_file($_FILES['userfile']['tmp_name'], "/tmp/" . $_FILES['userfile']['name'])) {
// Get the extension of the file
preg_match("/.*\.(.*)$/",$_FILES['userfile']['name'], $matches);
$fileExtension = $matches[1];
// Sanitize the name of the file
$filename = substr($_FILES['userfile']['name'], 0, (strlen($_FILES['userfile']['name']) - (strlen($fileExtension) + 1)));
$filename = preg_replace('/[^a-zA-Z0-9_\-]/', '', $filename) . "." . $fileExtension;
if (!move_uploaded_file($_FILES['userfile']['tmp_name'], "/tmp/" . $filename)) {
return "";
}
// Read file form the server
$file = fopen("/tmp/" . $_FILES['userfile']['name'], "r");
// Read file from the server
$file = fopen("/tmp/" . $filename, "r");
$fileContent = "";
......@@ -323,7 +343,7 @@ function osf_import() {
fclose($file);
unlink("/tmp/" . $_FILES['userfile']['name']);
unlink("/tmp/" . $filename);
global $user;
global $base_url;
......@@ -818,7 +838,7 @@ function osf_import() {
$html
.= " <form enctype=\"multipart/form-data\" action=\"\" method=\"POST\">
<!--<input class=\"form-text\" type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\" />-->
<input class=\"form-text\" type=\"hidden\" name=\"token\" value=\"".drupal_get_token('osf-import')."\" />
<table width=\"100%\" border=\"0\">
<tr><td>&nbsp;</td><td>&nbsp;</td></tr>
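Review bot: The sanitization added in the second hunk only whitelists the base name; `$fileExtension` is captured verbatim from `$_FILES['userfile']['name']` by `preg_match("/.*\.(.*)$/", ...)` and appended after the `preg_replace`, so everything after the last dot still reaches the `/tmp/` path unfiltered. The `..` guard above it does not fully close this, because `strpos(...)` returns `0` for a name that begins with `..`, which is falsy and passes the `if`. Suggest `if (strpos($_FILES['userfile']['name'], '..') !== false)` and `$fileExtension = isset($matches[1]) ? preg_replace('/[^a-zA-Z0-9]/', '', $matches[1]) : '';` so the same character whitelist applies to both halves of the name. The `isset` also covers a name with no dot, where `preg_match` does not match and `$matches[1]` is undefined (the current code then drops the last character of the name and appends a bare `.`). The fixed `/tmp/` prefix still leaves the upload at a predictable, shared path that `tempnam(sys_get_temp_dir(), 'osf')` would avoid; osf_import's body continues outside the hunk.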