lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix security problems and add zstd support

Browse Source
This commit is contained in:
lmarcouiller 2022-03-14 11:45:23 +01:00
parent 57ed890b73
commit 8d11813ea5
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/core/lib/files.lib.php
View File

@ -2146,22 +2146,24 @@ function dol_uncompress($inputfile, $outputdir)
} }
return array('error'=>'ErrNoZipEngine'); return array('error'=>'ErrNoZipEngine');
} elseif ($fileinfo["extension"] == "gz" || $fileinfo["extension"] == "bz2") { } elseif (in_array($fileinfo["extension"], array('gz','bz2','zst'))) {
$extension = pathinfo($fileinfo["filename"], PATHINFO_EXTENSION); $extension = pathinfo($fileinfo["filename"], PATHINFO_EXTENSION);
if ($extension == "tar") { if ($extension == "tar") {
$cmd = "tar -C ".$outputdir." -xvf ".$fileinfo["dirname"]."/".$fileinfo["basename"]; $cmd = 'tar -C '.escapeshellcmd(dol_sanitizePathName($outputdir)).' -xvf '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
$resarray = $utils->executeCLI($cmd, $outputdir); $resarray = $utils->executeCLI($cmd, $outputdir);
} else { } else {
$program = ""; $program = "";
if ($fileinfo["extension"] == "gz") { if ($fileinfo["extension"] == "gz") {
$program = "gzip"; $program = 'gzip';
} elseif ($fileinfo["extension"] == "bz2") { } elseif ($fileinfo["extension"] == "bz2") {
$program = "bzip2"; $program = 'bzip2';
} elseif ($fileinfo["extension"] == "zst") {
$program = 'zstd';
} else { } else {
return array('error'=>'ErrFileExtension'); return array('error'=>'ErrFileExtension');
} }
$cmd = $program." -dc ".$fileinfo["dirname"]."/".$fileinfo["basename"]; $cmd = $program.' -dc '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
$outputfilename = $outputdir."/".$fileinfo["filename"]; $outputfilename = escapeshellcmd(dol_sanitizePathName($outputdir).'/'.dol_sanitizeFileName($fileinfo["filename"]));
$resarray = $utils->executeCLI($cmd, $outputfilename, 0, $outputfilename); $resarray = $utils->executeCLI($cmd, $outputfilename, 0, $outputfilename);
if ($resarray["output"] == 2) { if ($resarray["output"] == 2) {
$resarray["error"] = "ErrFilePermOrFileNotFound"; $resarray["error"] = "ErrFilePermOrFileNotFound";