Handle exception for a possible attack vector

Alex Cabal 2023-07-20 15:05:24 -05:00
parent 042816cf45
commit 65c4578a4e


@ -73,7 +73,14 @@ class Ebook{
$this->RepoFilesystemPath = SITE_ROOT . '/ebooks/' . str_replace('/', '_', $this->RepoFilesystemPath) . '.git';
if(!is_dir($this->RepoFilesystemPath)){ // On dev systems we might not have the bare repos, so make an adjustment
$this->RepoFilesystemPath = preg_replace('/\.git$/ius', '', $this->RepoFilesystemPath);
try{
$this->RepoFilesystemPath = preg_replace('/\.git$/ius', '', $this->RepoFilesystemPath);
}
catch(Exception){
// We may get an exception from preg_replace if the passed repo wwwFilesystemPath contains invalid UTF8 characters,
// which a common injection attack vector
throw new Exceptions\InvalidEbookException('Invalid repo filesystem path: ' . $this->RepoFilesystemPath);
}
}
if(!is_dir($wwwFilesystemPath)){
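Review bot: The new `catch(Exception)` block only rejects a malformed path if `preg_replace` actually throws, and PHP's built-in `preg_replace` returns `null` on invalid UTF-8 instead of throwing, so the guard depends on a throwing wrapper or error handler that is not visible in this hunk. An explicit check placed before the input reaches `str_replace` and `is_dir`, such as `if(!mb_check_encoding($wwwFilesystemPath, 'UTF-8')){ throw new Exceptions\InvalidEbookException('Invalid www filesystem path'); }`, would make the rejection independent of that side effect. The thrown message also concatenates the raw `$this->RepoFilesystemPath`, which at that point begins with `SITE_ROOT` and still carries the malformed bytes; if the message is ever logged or rendered, it should be escaped for that context or replaced with a fixed string. The enclosing method starts and ends outside the hunk.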