standardebooks/web
1
0
Fork 0
mirror of https://github.com/standardebooks/web.git synced 2025-07-17 20:06:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Handle exception for a possible attack vector

Browse source
This commit is contained in:
Alex Cabal 2023-07-20 15:05:24 -05:00
parent 042816cf45
commit 65c4578a4e
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/Ebook.php
View file

@ -73,8 +73,15 @@ class Ebook{
$this->RepoFilesystemPath = SITE_ROOT . '/ebooks/' . str_replace('/', '_', $this->RepoFilesystemPath) . '.git'; $this->RepoFilesystemPath = SITE_ROOT . '/ebooks/' . str_replace('/', '_', $this->RepoFilesystemPath) . '.git';
if(!is_dir($this->RepoFilesystemPath)){ // On dev systems we might not have the bare repos, so make an adjustment if(!is_dir($this->RepoFilesystemPath)){ // On dev systems we might not have the bare repos, so make an adjustment
try{
$this->RepoFilesystemPath = preg_replace('/\.git$/ius', '', $this->RepoFilesystemPath); $this->RepoFilesystemPath = preg_replace('/\.git$/ius', '', $this->RepoFilesystemPath);
} }
catch(Exception){
// We may get an exception from preg_replace if the passed repo wwwFilesystemPath contains invalid UTF8 characters,
// which a common injection attack vector
throw new Exceptions\InvalidEbookException('Invalid repo filesystem path: ' . $this->RepoFilesystemPath);
}
}
if(!is_dir($wwwFilesystemPath)){ if(!is_dir($wwwFilesystemPath)){
throw new Exceptions\InvalidEbookException('Invalid www filesystem path: ' . $wwwFilesystemPath); throw new Exceptions\InvalidEbookException('Invalid www filesystem path: ' . $wwwFilesystemPath);