Fix #yogosha7494

2021-10-22 10:49:01 +02:00 · 2021-10-22 10:49:01 +02:00 · 962aa9f977
commit 962aa9f977
parent 8ba05cc242
2 changed files with 3 additions and 0 deletions
--- a/htdocs/document.php
+++ b/htdocs/document.php
@ -195,9 +195,11 @@ if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($ori
 }

 // Security: Delete string ../ or ..\ into $original_file
+$original_file = preg_replace('/\.\.+/','..', $original_file);	// Replace '... or more' with '..'
 $original_file = str_replace('../', '/', $original_file);
 $original_file = str_replace('..\\', '/', $original_file);

+
 // Find the subdirectory name as the reference
 $refname = basename(dirname($original_file)."/");

--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@ -222,6 +222,7 @@ if (preg_match('/\.noexe$/i', $original_file)) {
 }

 // Security: Delete string ../ or ..\ into $original_file
+$original_file = preg_replace('/\.\.+/', '..', $original_file);	// Replace '... or more' with '..'
 $original_file = str_replace('../', '/', $original_file);
 $original_file = str_replace('..\\', '/', $original_file);