From ee50c41e74d0259e71309eecafa9454eec2eebb8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 16 Aug 2019 17:32:58 +0200
Subject: [PATCH 1/3] Fix phpcs

---
 htdocs/admin/pdf.php | 2 +-
 htdocs/product/stock/card.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php
index e2a99441ea8..56c6f977827 100644
--- a/htdocs/admin/pdf.php
+++ b/htdocs/admin/pdf.php
@@ -283,7 +283,7 @@ if ($action == 'edit') // Edit
 //Invert sender and recipient
 print ''.$langs->trans("SwapSenderAndRecipientOnPDF").'';
- print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT',(! empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT))?$conf->global->MAIN_INVERT_SENDER_RECIPIENT:0,1);
+ print $form->selectyesno('MAIN_INVERT_SENDER_RECIPIENT', (! empty($conf->global->MAIN_INVERT_SENDER_RECIPIENT))?$conf->global->MAIN_INVERT_SENDER_RECIPIENT:0, 1);
 print '';
 // Place customer adress to the ISO location
diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php
index ae2150e8464..1c78d6726d3 100644
--- a/htdocs/product/stock/card.php
+++ b/htdocs/product/stock/card.php
@@ -56,7 +56,7 @@ $backtopage=GETPOST('backtopage', 'alpha');
 $result=restrictedArea($user, 'stock');
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
-$hookmanager->initHooks(array('warehousecard','globalcard'));
+$hookmanager->initHooks(array('warehousecard', 'globalcard'));
 $object = new Entrepot($db);

From d51a651ab4811051f6bcfd2317a0f02e3e1b4af3 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 16 Aug 2019 17:35:12 +0200
Subject: [PATCH 2/3] Fix phpcs

---
 htdocs/core/lib/files.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 64d3b414cf8..58e13f37763 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1910,7 +1910,7 @@ function dol_compress_file($inputfile, $outputfile, $mode = "gz")
 dol_syslog("Class ZipArchive is set so we zip using ZipArchive to zip into ".$outputfile.' rootPath='.$rootPath);
 $zip = new ZipArchive;
- if ($zip->open($outputfile, ZipArchive::CREATE)!==TRUE) {
+ if ($zip->open($outputfile, ZipArchive::CREATE) !== true) {
 $errormsg="Failed to open file ".$outputfile."\n";
 dol_syslog("dol_compress_file failure - ".$errormsg, LOG_ERR);
 return -6;

From 898996da4ab4a2109d17f411065e8b75f2f44156 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 16 Aug 2019 21:45:13 +0200
Subject: [PATCH 3/3] =?UTF-8?q?FIX=20vulenrability=20in=20uploading=20file?=
 =?UTF-8?q?=20found=20by=20=E7=BE=8E=E5=88=9B=E7=A7=91=E6=8A=80=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E5=AE=9E=E9=AA=8C=E5=AE=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/core/lib/files.lib.php | 7 ++++---
 htdocs/core/lib/functions.lib.php | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 58e13f37763..1012b825254 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -985,6 +985,7 @@ function dolCheckVirus($src_file)
  * - This function can be used only into a HTML page context. Use dol_move if you are outside.
  * - Test on antivirus is always done (if antivirus set).
  * - Database of files is NOT updated (this is done by dol_add_file_process() that calls this function).
+ * - Extension .noexe may be added if file is executable and MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED is not set.
  *
  * @param string $src_file Source full path filename ($_FILES['field']['tmp_name'])
  * @param string $dest_file Target full path filename ($_FILES['field']['name'])
@@ -1063,15 +1064,15 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
 // Security:
 // We refuse cache files/dirs, upload using .. and pipes into filenames.
- if (preg_match('/^\./', $src_file) || preg_match('/\.\./', $src_file) || preg_match('/[<>|]/', $src_file))
+ if (preg_match('/^\./', basename($src_file)) || preg_match('/\.\./', $src_file) || preg_match('/[<>|]/', $src_file))
 {
 dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING);
 return -1;
 }
 // Security:
- // On interdit fichiers caches, remontees de repertoire ainsi que les pipe dans les noms de fichiers.
+ // We refuse cache files/dirs, upload using .. and pipes into filenames.
- if (preg_match('/^\./', $dest_file) || preg_match('/\.\./', $dest_file) || preg_match('/[<>|]/', $dest_file))
+ if (preg_match('/^\./', basename($dest_file)) || preg_match('/\.\./', $dest_file) || preg_match('/[<>|]/', $dest_file))
 {
 dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING);
 return -2;
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index e9f4301f8f2..24a87c15032 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -796,7 +796,8 @@ function dol_size($size, $type = '')
  */
 function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
 {
- $filesystem_forbidden_chars = array('<','>','/','\\','?','*','|','"','°');
+ // List of special chars for filenames are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file
+ $filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°');
 return dol_string_nospecial($unaccent?dol_string_unaccent($str):$str, $newstr, $filesystem_forbidden_chars);
 }
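Review bot: The English comment added above the `$dest_file` check (and the existing one above the `$src_file` check) reads "We refuse cache files/dirs", but the French line it replaces, "fichiers caches", means hidden files, which is exactly what `preg_match('/^\./', basename(...))` tests; suggest `// We refuse hidden files (name starting with a dot), directory traversal with .. and pipe/redirect chars in filenames.` Since `basename()` only looks at the last path component, a dotted intermediate directory in `$dest_file` is not refused by the new test; that is fine only if callers never build directory components from the upload, which cannot be confirmed here because dol_move_uploaded_file begins above this hunk. `basename()` is also locale-aware and the PHP manual leaves its result undefined for bytes that are invalid in the current locale, so this check deserves a unit test with non-ASCII and leading-dot names; a locale-independent split such as `substr(strrchr('/'.$dest_file, '/'), 1)` would remove that dependency. The same applies to the `$src_file` check in this hunk.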
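Review bot: The comment added above the `$filesystem_forbidden_chars` list in dol_sanitizeFileName cites the Microsoft naming rules, but the list only takes the printable reserved characters from that page; the same page also forbids the control characters 0–31 (the NUL byte in particular), trailing spaces or periods and reserved device names, and whether `dol_string_nospecial` already strips any of those is not visible from this hunk. If it does not, the list should at least gain the control range; otherwise the comment should say what the list does not cover, e.g. `// Printable chars forbidden in filenames (control chars 0-31, reserved device names and trailing dots/spaces are not covered by this list), per https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file`. The added comment also has a grammar slip: `List of special chars for filenames are defined` should read `is defined`.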