DiskCache: more strict checking for input filenames, getUrl() is no longer static

2019-08-14 09:49:18 +03:00 · 2019-08-14 09:49:18 +03:00 · 3c075bfd21
parent 65450f8a2b
commit 3c075bfd21
5 changed files with 16 additions and 16 deletions
--- a/classes/article.php
+++ b/classes/article.php
@ -673,10 +673,12 @@ class Article extends Handler_Protected {
 		$rv = array();
 		$cache = new DiskCache("images");
 		while ($line = $sth->fetch()) {
-			if (file_exists(CACHE_DIR . '/images/' . sha1($line["content_url"]))) {
+			if ($cache->exists(sha1($line["content_url"]))) {
-				$line["content_url"] = DiskCache::getUrl(sha1($line["content_url"]));
+				$line["content_url"] = $cache->getUrl(sha1($line["content_url"]));
 			}
 			array_push($rv, $line);
--- a/classes/diskcache.php
+++ b/classes/diskcache.php
@ -3,7 +3,7 @@ class DiskCache {
 	private $dir;
 	public function __construct($dir) {
-		$this->dir = CACHE_DIR . "/" . basename($dir);
+		$this->dir = CACHE_DIR . "/" . clean_filename($dir);
 	}
 	public function getDir() {
@ -39,7 +39,7 @@ class DiskCache {
 	}
 	public function getFullPath($filename) {
-		$filename = basename($filename);
+		$filename = clean_filename($filename);
 		return $this->dir . "/" . $filename;
 	}
@ -72,8 +72,8 @@ class DiskCache {
 		return send_local_file($this->getFullPath($filename));
 	}
-	static public function getUrl($filename) {
+	public function getUrl($filename) {
-		return get_self_url_prefix() . "/public.php?op=cached_url&file=" . $filename;
+		return get_self_url_prefix() . "/public.php?op=cached_url&file=" . basename($this->dir) . "/" . $filename;
 	}
 	// check for locally cached (media) URLs and rewrite to local versions
@ -103,7 +103,7 @@ class DiskCache {
 					if ($cache->getSize($cached_filename) > 0) {
-						$src = DiskCache::getUrl(sha1($src));
+						$src = $cache->getUrl(sha1($src));
 						if ($entry->hasAttribute('poster'))
 							$entry->setAttribute('poster', $src);
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@ -1202,13 +1202,7 @@ class Handler_Public extends Handler {
 	}
 	function cached_url() {
-		$filename = $_GET['file'];
+		list ($cache_dir, $filename) = explode("/", $_GET["file"], 2);
 		if (strpos($filename, "/") !== FALSE) {
 			list ($cache_dir, $filename) = explode("/", $filename, 2);
 		} else {
 			$cache_dir = "images";
 		}
 		$cache = new DiskCache($cache_dir);
--- a/include/functions.php
+++ b/include/functions.php
@ -594,6 +594,10 @@
 		}
 	}
 	function clean_filename($filename) {
 		return basename(preg_replace("/\.\.|[\/\\\]/", "", $filename));
 	}
 	function make_password($length = 12) {
 		$password = "";
 		$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
--- a/plugins/cache_starred_images/init.php
+++ b/plugins/cache_starred_images/init.php
@ -101,7 +101,7 @@ class Cache_Starred_Images extends Plugin {
 		$local_filename = $article_id . "-" . sha1($enc["content_url"]);
 		if ($this->cache->exists($local_filename)) {
-			$enc["content_url"] = DiskCache::getUrl("starred-images/" . $local_filename);
+			$enc["content_url"] = $this->cache->getUrl($local_filename);
 		}
 		return $enc;
@ -123,7 +123,7 @@ class Cache_Starred_Images extends Plugin {
 					$local_filename = $article_id . "-" . sha1($src);
 					if ($this->cache->exists($local_filename)) {
-						$entry->setAttribute("src", DiskCache::getUrl("starred-images/" . $local_filename));
+						$entry->setAttribute("src", $this->cache->getUrl($local_filename));
 						$entry->removeAttribute("srcset");
 					}
 				}