EuskadiTech/Axia4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add realpath validation and accessibility improvements

Browse Source 
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-02-14 13:21:09 +00:00
parent a3eeda2dc5
commit b5d71a473d
2 changed files with 25 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
public_html/entreaulas/_filefetch.php
View File

@@ -80,20 +80,29 @@ if (!isset($path)) {
if (!isset($uripath)) {
$uripath = "/$relpath";
}
if (!file_exists($path) || !is_file($path)) {
// Validate that the resolved path is within /DATA directory
$real_path = realpath($path);
$real_base = realpath("/DATA");
if ($real_path === false || $real_base === false || strpos($real_path, $real_base) !== 0) {
header("HTTP/1.1 403 Forbidden");
die("Access denied");
}
if (!file_exists($real_path) || !is_file($real_path)) {
header("HTTP/1.1 404 Not Found");
die("File not found");
}
$mime = mime_content_type($path);
$mime = mime_content_type($real_path);
// Check if thumbnail is requested
if (file_exists($path . ".thumbnail") && $_GET["thumbnail"] == "1") {
$path .= ".thumbnail";
if (file_exists($real_path . ".thumbnail") && $_GET["thumbnail"] == "1") {
$real_path .= ".thumbnail";
$uripath .= ".thumbnail";
$mime = "image/jpeg";
}
header("Content-Type: " . $mime);
header('Content-Length: ' . filesize($path));
header('Content-Length: ' . filesize($real_path));
//header('Cache-Control: max-age=7200');
header("X-Accel-Redirect: $uripath");