[svn r21143] Added Security::filter_filename() to avoid .php extensions (using disable_dangerous_file() function as a preliminary move to the Security lib)

Applied minor PEAR coding conventions improvements
17 years ago · 08088afee8
parent 1d5ea061c4
commit 08088afee8
1 changed files with 35 additions and 39 deletions
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@ -52,22 +52,20 @@
 * @author	Yannick Warnier <yannick.warnier@dokeos.com>
 */
 class Security {
-	var	$clean = array();
+	public $clean = array();
 	/**
 	 * Checks if the absolute path given is really under the checker path
 	 * @param	string	Absolute path to be checked (with trailing slash)
 	 * @param	string	Checker path under which the path should be (absolute path, with trailing slash, get it from api_get_path(SYS_COURSE_PATH))
 	 * @return	bool	True if the path is under the checker, false otherwise
 	 */
-	function check_abs_path($abs_path,$checker_path)
-	{
+	function check_abs_path($abs_path,$checker_path) {
 		if (empty($checker_path)) {return false;} //checker path must be set
 		
 		$true_path=str_replace("\\", "/", realpath($abs_path));
 		
 		$found = strpos($true_path.'/',$checker_path);
-		if($found===0)
-		{
+		if ($found===0) {
 			return true;
 		}
 		return false;
@ -88,36 +86,42 @@ class Security{
 		$abs_path = $current_path.$rel_path;
 		$true_path=str_replace("\\", "/", realpath($abs_path));
 		$found = strpos($true_path.'/',$checker_path);
-		if($found===0)
-		{
+		if ($found===0) {
 			return true;
 		}
 		return false;
 	}
+    /**
+     * Filters dangerous filenames (*.php[.]?* and .htaccess) and returns it in
+     * a non-executable form (for PHP and htaccess, this is still vulnerable to
+     * other languages' files extensions)
+     * @param   string  Unfiltered filename
+     * @param   string  Filtered filename
+     */
+    function filter_filename($filename) {
+    	require_once(api_get_path(LIBRARY_PATH).'fileUpload.lib.php');
+        return disable_dangerous_file($filename);
+    }
 	/**
 	 * This function checks that the token generated in get_token() has been kept (prevents
 	 * Cross-Site Request Forgeries attacks)
 	 * @param	string	The array in which to get the token ('get' or 'post')
 	 * @return	bool	True if it's the right token, false otherwise
 	 */
-	function check_token($array='post')
-	{
+	function check_token($array='post') {
 		switch ($array) {
 			case 'get':
-				if(isset($_SESSION['sec_token']) && isset($_GET['sec_token']) && $_SESSION['sec_token'] === $_GET['sec_token'])
-				{
+				if (isset($_SESSION['sec_token']) && isset($_GET['sec_token']) && $_SESSION['sec_token'] === $_GET['sec_token']) {
 					return true;
 				}
 				return false;
 			case 'post':
-				if(isset($_SESSION['sec_token']) && isset($_POST['sec_token']) && $_SESSION['sec_token'] === $_POST['sec_token'])
-				{
+				if (isset($_SESSION['sec_token']) && isset($_POST['sec_token']) && $_SESSION['sec_token'] === $_POST['sec_token']) {
 					return true;
 				}				
 				return false;
 			default:
-				if(isset($_SESSION['sec_token']) && isset($array) && $_SESSION['sec_token'] === $array)
-				{
+				if (isset($_SESSION['sec_token']) && isset($array) && $_SESSION['sec_token'] === $array) {
 					return true;
 				}
 				return false;
@ -129,10 +133,8 @@ class Security{
 	 * most session hijacking attacks.
 	 * @return	bool	True if the user agent is the same, false otherwise
 	 */
-	function check_ua()
-	{
-		if(isset($_SESSION['sec_ua']) and $_SESSION['sec_ua'] === $_SERVER['HTTP_USER_AGENT'].$_SESSION['sec_ua_seed'])
-		{
+	function check_ua() {
+		if (isset($_SESSION['sec_ua']) and $_SESSION['sec_ua'] === $_SERVER['HTTP_USER_AGENT'].$_SESSION['sec_ua_seed']) {
 			return true;
 		}
 		return false;
@ -141,8 +143,7 @@ class Security{
 	 * Clear the security token from the session
 	 * @return void
 	 */
-	function clear_token()
-	{
+	function clear_token() {
 		$_SESSION['sec_token'] = null;
 		unset($_SESSION['sec_token']);
 	}
@ -155,8 +156,7 @@ class Security{
 	 * Check the token with check_token()
 	 * @return	string	Hidden-type input ready to insert into a form
 	 */
-	function get_HTML_token()
-	{
+	function get_HTML_token() {
 		$token = md5(uniqid(rand(),TRUE));
 		$string = '<input type="hidden" name="sec_token" value="'.$token.'"/>';
 		$_SESSION['sec_token'] = $token;
@ -171,8 +171,7 @@ class Security{
 	 * Check the token with check_token()
 	 * @return	string	Token
 	 */
-	function get_token()
-	{
+	function get_token() {
 		$token = md5(uniqid(rand(),TRUE));
 		$_SESSION['sec_token'] = $token;
 		return $token;
@ -182,8 +181,7 @@ class Security{
 	 * most cases of session hijacking.
 	 * @return void
 	 */
-	function get_ua()
-	{
+	function get_ua() {
 		$_SESSION['sec_ua_seed'] = uniqid(rand(),TRUE);
 		$_SESSION['sec_ua'] = $_SERVER['HTTP_USER_AGENT'].$_SESSION['sec_ua_seed'];
 	}
@ -194,8 +192,7 @@ class Security{
 	 * @param	array	Additional options
 	 * @return	bool	True if variable was filtered and added to the current object, false otherwise
 	 */
-	function filter($var,$type='string',$options=array())
-	{
+	function filter($var,$type='string',$options=array()) {
 		//This function is not finished! Do not use!
 		$result = false;
 		//get variable name and value
@ -233,8 +230,7 @@ class Security{
 	 * @param	string	Variable name
 	 * @return	mixed	Variable or NULL on error
 	 */
-	function get($varname)
-	{
+	function get($varname) {
 		if (isset($this->clean[$varname])) {
 			return $this->clean[$varname];
 		}