diff --git a/CHANGES.md b/CHANGES.md index 0d64f586..876999d8 100755 --- a/CHANGES.md +++ b/CHANGES.md @@ -7,8 +7,9 @@ - Stockage des données JSON, forçage au format objet. ## Version 12.3.10 +- Edition d'un utilisateur, affiche correctement la langue de l'interface dans l'édition d'un utilisateur. - Mise à jour du fichier dialog.php de Responsive File Manager -- Vulnérabilité dans ajax_call.php CVE-2020-10567 +- Vulnérabilité dans ajax_call.php CVE-2020-10567, désactivation de TUI Editor et de la fonction save_image. ## Version 12.3.09 ### Corrections diff --git a/core/vendor/filemanager/ajax_calls.php b/core/vendor/filemanager/ajax_calls.php index 6b97f280..4ab1b48d 100644 --- a/core/vendor/filemanager/ajax_calls.php +++ b/core/vendor/filemanager/ajax_calls.php @@ -5,7 +5,7 @@ $config = include 'config/config.php'; require_once 'include/utils.php'; if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager") { - response(trans('forbidden') . AddErrorLocation())->send(); + response(trans('forbidden').AddErrorLocation())->send(); exit; } $languages = include 'lang/languages.php'; @@ -14,24 +14,24 @@ if (isset($_SESSION['RF']['language']) && file_exists('lang/' . basename($_SESSI if (array_key_exists($_SESSION['RF']['language'], $languages)) { include 'lang/' . basename($_SESSION['RF']['language']) . '.php'; } else { - response(trans('Lang_Not_Found') . AddErrorLocation())->send(); + response(trans('Lang_Not_Found').AddErrorLocation())->send(); exit; } } else { - response(trans('Lang_Not_Found') . AddErrorLocation())->send(); + response(trans('Lang_Not_Found').AddErrorLocation())->send(); exit; } //check $_GET['file'] if (isset($_GET['file']) && !checkRelativePath($_GET['file'])) { - response(trans('wrong path') . AddErrorLocation())->send(); + response(trans('wrong path').AddErrorLocation())->send(); exit; } //check $_POST['file'] -if (isset($_POST['path']) && !checkRelativePath($_POST['path'])) { - response(trans('wrong path') . AddErrorLocation())->send(); +if(isset($_POST['path']) && !checkRelativePath($_POST['path'])) { + response(trans('wrong path').AddErrorLocation())->send(); exit; } @@ -43,16 +43,16 @@ if (isset($_GET['action'])) { case 'new_file_form': echo trans('Filename') . ':
'; - break; + break; case 'view': if (isset($_GET['type'])) { $_SESSION['RF']["view_type"] = $_GET['type']; } else { - response(trans('view type number missing') . AddErrorLocation())->send(); + response(trans('view type number missing').AddErrorLocation())->send(); exit; } break; @@ -63,7 +63,7 @@ if (isset($_GET['action'])) { $_SESSION['RF']["filter"] = $_GET['type']; } } else { - response(trans('view type number missing') . AddErrorLocation())->send(); + response(trans('view type number missing').AddErrorLocation())->send(); exit; } break; @@ -73,13 +73,16 @@ if (isset($_GET['action'])) { $_SESSION['RF']["sort_by"] = $_GET['sort_by']; } - if (isset($_GET['descending'])) { - $_SESSION['RF']["descending"] = $_GET['descending']; - } + if (isset($_GET['descending'])) + { + $_SESSION['RF']["descending"] = $_GET['descending']; + } + break; + case 'save_img': break; - case 'save_img': - $info = pathinfo($_POST['name']); + $info = pathinfo($_POST['name']); $image_data = $_POST['url']; + if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) { $image_data = substr($image_data, strpos($image_data, ',') + 1); $type = strtolower($type[1]); // jpg, png, gif @@ -87,43 +90,42 @@ if (isset($_GET['action'])) { $image_data = base64_decode($image_data); if ($image_data === false) { - response(trans('TUI_Decode_Failed') . AddErrorLocation())->send(); - exit; + response(trans('TUI_Decode_Failed').AddErrorLocation())->send(); + exit; } } else { - response(trans('') . AddErrorLocation())->send(); + response(trans('').AddErrorLocation())->send(); exit; } if ($image_data === false) { - response(trans('') . AddErrorLocation())->send(); + response(trans('').AddErrorLocation())->send(); exit; } if (!checkresultingsize(strlen($image_data))) { - response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation())->send(); + response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send(); exit; } - if ($ftp) { - $temp_file = tmpfile(); - $temp_meta = stream_get_meta_data($temp_file); - $temp_path = $temp_meta['uri']; - fwrite($temp_file, $image_data); + $temp = tempnam('/tmp', 'RF'); + unlink($temp); + $temp .=".".substr(strrchr($_POST['url'], '.'), 1); + file_put_contents($temp, $image_data); - $ftp->put($config['ftp_base_folder'] . $config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY); + $ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); - create_img($temp_path, $temp_path, 122, 91); - $ftp->put($config['ftp_base_folder'] . $config['ftp_thumbs_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY); + create_img($temp, $temp, 122, 91); + $ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); - fclose($temp_file); + unlink($temp); } else { file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data); - create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'] . $_POST['path'] . $_POST['name'], 122, 91); + create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91); // TODO something with this function cause its blowing my mind new_thumbnails_creation( - $config['current_path'] . $_POST['path'], - $config['current_path'] . $_POST['path'] . $_POST['name'], + $config['current_path'].$_POST['path'], + $config['current_path'].$_POST['path'].$_POST['name'], $_POST['name'], $config['current_path'], $config @@ -133,11 +135,11 @@ if (isset($_GET['action'])) { case 'extract': if (!$config['extract_files']) { - response(trans('wrong action') . AddErrorLocation())->send(); + response(trans('wrong action').AddErrorLocation())->send(); } if ($ftp) { - $path = $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path']; - $base_folder = $config['ftp_base_url'] . $config['upload_dir'] . fix_dirname($_POST['path']) . "/"; + $path = $config['ftp_base_url'].$config['upload_dir'] . $_POST['path']; + $base_folder = $config['ftp_base_url'].$config['upload_dir'] . fix_dirname($_POST['path']) . "/"; } else { $path = $config['current_path'] . $_POST['path']; $base_folder = $config['current_path'] . fix_dirname($_POST['path']) . "/"; @@ -170,7 +172,7 @@ if (isset($_GET['action'])) { $sizeTotalFinal += $aStat['size']; } if (!checkresultingsize($sizeTotalFinal)) { - response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation())->send(); + response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send(); exit; } @@ -183,7 +185,7 @@ if (isset($_GET['action'])) { create_folder($base_folder . $FullFileName['name']); } - if (!(substr($FullFileName['name'], -1, 1) == "/")) { + if (! (substr($FullFileName['name'], -1, 1) == "/")) { $fileinfo = pathinfo($FullFileName['name']); if (in_array(strtolower($fileinfo['extension']), $config['ext'])) { copy('zip://' . $path . '#' . $FullFileName['name'], $base_folder . $FullFileName['name']); @@ -193,7 +195,7 @@ if (isset($_GET['action'])) { } $zip->close(); } else { - response(trans('Zip_No_Extract') . AddErrorLocation())->send(); + response(trans('Zip_No_Extract').AddErrorLocation())->send(); exit; } @@ -216,132 +218,127 @@ if (isset($_GET['action'])) { break; default: - response(trans('Zip_Invalid') . AddErrorLocation())->send(); + response(trans('Zip_Invalid').AddErrorLocation())->send(); exit; } if ($ftp) { unlink($path); - $ftp->putAll($base_folder, "/" . $config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY); + $ftp->putAll($base_folder, "/".$config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY); deleteDir($base_folder); } - break; - case 'media_preview': - if (isset($_GET['file'])) { - $_GET['file'] = sanitize($_GET['file']); - } - if (isset($_GET['title'])) { - $_GET['title'] = sanitize($_GET['title']); - } - if ($ftp) { - $preview_file = $config['ftp_base_url'] . $config['upload_dir'] . $_GET['file']; - } else { - $preview_file = $config['current_path'] . $_GET["file"]; - } - $info = pathinfo($preview_file); - ob_start(); - ?> -
-
- - - -
-
- + break; + case 'media_preview': + if(isset($_GET['file'])){ + $_GET['file'] = sanitize($_GET['file']); + } + if(isset($_GET['title'])){ + $_GET['title'] = sanitize($_GET['title']); + } + if($ftp){ + $preview_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file']; + }else{ + $preview_file = $config['current_path'] . $_GET["file"]; + } + $info = pathinfo($preview_file); + ob_start(); + ?> +
+
+ + + +
+
+ - + }); + - + - + + }); + send(); + response(trans('wrong sub-action').AddErrorLocation())->send(); exit; } if (trim($_POST['path']) == '') { - response(trans('no path') . AddErrorLocation())->send(); + response(trans('no path').AddErrorLocation())->send(); exit; } @@ -368,7 +365,7 @@ if (isset($_GET['action'])) { if (is_dir($path)) { // can't copy/cut dirs if ($config['copy_cut_dirs'] === false) { - response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Folders')) . AddErrorLocation())->send(); + response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Folders')).AddErrorLocation())->send(); exit; } @@ -376,7 +373,7 @@ if (isset($_GET['action'])) { // size over limit if ($config['copy_cut_max_size'] !== false && is_int($config['copy_cut_max_size'])) { if (($config['copy_cut_max_size'] * 1024 * 1024) < $sizeFolderToCopy) { - response(sprintf(trans('Copy_Cut_Size_Limit'), $msg_sub_action, $config['copy_cut_max_size']) . AddErrorLocation())->send(); + response(sprintf(trans('Copy_Cut_Size_Limit'), $msg_sub_action, $config['copy_cut_max_size']).AddErrorLocation())->send(); exit; } } @@ -384,19 +381,19 @@ if (isset($_GET['action'])) { // file count over limit if ($config['copy_cut_max_count'] !== false && is_int($config['copy_cut_max_count'])) { if ($config['copy_cut_max_count'] < $fileNum) { - response(sprintf(trans('Copy_Cut_Count_Limit'), $msg_sub_action, $config['copy_cut_max_count']) . AddErrorLocation())->send(); + response(sprintf(trans('Copy_Cut_Count_Limit'), $msg_sub_action, $config['copy_cut_max_count']).AddErrorLocation())->send(); exit; } } if (!checkresultingsize($sizeFolderToCopy)) { - response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation())->send(); + response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send(); exit; } } else { // can't copy/cut files if ($config['copy_cut_files'] === false) { - response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Files')) . AddErrorLocation())->send(); + response(sprintf(trans('Copy_Cut_Not_Allowed'), $msg_sub_action, trans('Files')).AddErrorLocation())->send(); exit; } } @@ -412,11 +409,10 @@ if (isset($_GET['action'])) { if ($ftp) { $path = $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path']; if ( - ($_POST['folder'] == 1 && $config['chmod_dirs'] === false) - || ($_POST['folder'] == 0 && $config['chmod_files'] === false) - || (is_function_callable("chmod") === false) - ) { - response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403) . AddErrorLocation())->send(); + ($_POST['folder']==1 && $config['chmod_dirs'] === false) + || ($_POST['folder']==0 && $config['chmod_files'] === false) + || (is_function_callable("chmod") === false)) { + response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send(); exit; } $info = $_POST['permissions']; @@ -425,9 +421,8 @@ if (isset($_GET['action'])) { if ( (is_dir($path) && $config['chmod_dirs'] === false) || (is_file($path) && $config['chmod_files'] === false) - || (is_function_callable("chmod") === false) - ) { - response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403) . AddErrorLocation())->send(); + || (is_function_callable("chmod") === false)) { + response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send(); exit; } @@ -439,22 +434,22 @@ if (isset($_GET['action'])) { $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x') : - (($perms & 0x0800) ? 'S' : '-')); + (($perms & 0x0800) ? 's' : 'x') : + (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? - (($perms & 0x0400) ? 's' : 'x') : - (($perms & 0x0400) ? 'S' : '-')); + (($perms & 0x0400) ? 's' : 'x') : + (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x') : - (($perms & 0x0200) ? 'T' : '-')); + (($perms & 0x0200) ? 't' : 'x') : + (($perms & 0x0200) ? 'T' : '-')); } @@ -471,22 +466,22 @@ if (isset($_GET['action'])) { - ' . trans('User') . ' - - - + '.trans('User').' + + + - ' . trans('Group') . ' - - - + '.trans('Group').' + + + - ' . trans('All') . ' - - - + '.trans('All').' + + + @@ -496,12 +491,12 @@ if (isset($_GET['action'])) { '; if ((!$ftp && is_dir($path))) { - $ret .= '
' . trans('File_Permission_Recursive') . '

+ $ret .= '
'.trans('File_Permission_Recursive').'

'; } @@ -513,14 +508,14 @@ if (isset($_GET['action'])) { break; case 'get_lang': - if (!file_exists('lang/languages.php')) { - response(trans('Lang_Not_Found') . AddErrorLocation())->send(); + if (! file_exists('lang/languages.php')) { + response(trans('Lang_Not_Found').AddErrorLocation())->send(); exit; } $languages = include 'lang/languages.php'; - if (!isset($languages) || !is_array($languages)) { - response(trans('Lang_Not_Found') . AddErrorLocation())->send(); + if (! isset($languages) || ! is_array($languages)) { + response(trans('Lang_Not_Found').AddErrorLocation())->send(); exit; } @@ -537,11 +532,11 @@ if (isset($_GET['action'])) { break; case 'change_lang': - $choosen_lang = (!empty($_POST['choosen_lang'])) ? $_POST['choosen_lang'] : "en_EN"; + $choosen_lang = (!empty($_POST['choosen_lang']))? $_POST['choosen_lang']:"en_EN"; if (array_key_exists($choosen_lang, $languages)) { - if (!file_exists('lang/' . $choosen_lang . '.php')) { - response(trans('Lang_Not_Found') . AddErrorLocation())->send(); + if (! file_exists('lang/' . $choosen_lang . '.php')) { + response(trans('Lang_Not_Found').AddErrorLocation())->send(); exit; } else { $_SESSION['RF']['language'] = $choosen_lang; @@ -551,12 +546,12 @@ if (isset($_GET['action'])) { break; case 'cad_preview': if ($ftp) { - $selected_file = $config['ftp_base_url'] . $config['upload_dir'] . $_GET['file']; + $selected_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file']; } else { $selected_file = $config['current_path'] . $_GET['file']; - if (!file_exists($selected_file)) { - response(trans('File_Not_Found') . AddErrorLocation())->send(); + if (! file_exists($selected_file)) { + response(trans('File_Not_Found').AddErrorLocation())->send(); exit; } } @@ -576,17 +571,17 @@ if (isset($_GET['action'])) { $preview_mode = $_GET["preview_mode"]; if ($sub_action != 'preview' && $sub_action != 'edit') { - response(trans('wrong action') . AddErrorLocation())->send(); + response(trans('wrong action').AddErrorLocation())->send(); exit; } if ($ftp) { - $selected_file = ($sub_action == 'preview' ? $config['ftp_base_url'] . $config['upload_dir'] . $_GET['file'] : $config['ftp_base_url'] . $config['upload_dir'] . $_POST['path']); + $selected_file = ($sub_action == 'preview' ? $config['ftp_base_url'].$config['upload_dir'] . $_GET['file'] : $config['ftp_base_url'].$config['upload_dir'] . $_POST['path']); } else { $selected_file = ($sub_action == 'preview' ? $config['current_path'] . $_GET['file'] : $config['current_path'] . $_POST['path']); - if (!file_exists($selected_file)) { - response(trans('File_Not_Found') . AddErrorLocation())->send(); + if (! file_exists($selected_file)) { + response(trans('File_Not_Found').AddErrorLocation())->send(); exit; } } @@ -601,20 +596,19 @@ if (isset($_GET['action'])) { $allowed_file_exts = $config['googledoc_file_exts']; } - if (!isset($allowed_file_exts) || !is_array($allowed_file_exts)) { + if (! isset($allowed_file_exts) || ! is_array($allowed_file_exts)) { $allowed_file_exts = array(); } if (!isset($info['extension'])) { - $info['extension'] = ''; + $info['extension']=''; } - if ( - !in_array($info['extension'], $allowed_file_exts) - || !isset($is_allowed) + if (! in_array($info['extension'], $allowed_file_exts) + || ! isset($is_allowed) || $is_allowed === false - || (!$ftp && !is_readable($selected_file)) + || (!$ftp && ! is_readable($selected_file)) ) { - response(sprintf(trans('File_Open_Edit_Not_Allowed'), ($sub_action == 'preview' ? strtolower(trans('Open')) : strtolower(trans('Edit')))) . AddErrorLocation())->send(); + response(sprintf(trans('File_Open_Edit_Not_Allowed'), ($sub_action == 'preview' ? strtolower(trans('Open')) : strtolower(trans('Edit')))).AddErrorLocation())->send(); exit; } if ($sub_action == 'preview') { @@ -625,7 +619,7 @@ if (isset($_GET['action'])) { $ret = ''; $ret .= ''; - $ret .= '
' . $data . '
'; + $ret .= '
'.$data.'
'; } elseif ($preview_mode == 'google') { if ($ftp) { $url_file = $selected_file; @@ -633,28 +627,28 @@ if (isset($_GET['action'])) { $url_file = $config['base_url'] . $config['upload_dir'] . str_replace($config['current_path'], '', $_GET["file"]); } - $googledoc_url = urlencode($url_file); - $ret = ""; - } - } else { - $data = stripslashes(htmlspecialchars(file_get_contents($selected_file))); - if (in_array($info['extension'], array('html', 'html'))) { - $ret = ''; - } else { - $ret = ''; - } + $googledoc_url = urlencode($url_file); + $ret = ""; + } + }else{ + $data = stripslashes(htmlspecialchars(file_get_contents($selected_file))); + if(in_array($info['extension'],array('html','html'))){ + $ret = ''; + }else{ + $ret = ''; + } - } + } - response($ret)->send(); - exit; + response($ret)->send(); + exit; break; default: - response(trans('no action passed') . AddErrorLocation())->send(); + response(trans('no action passed').AddErrorLocation())->send(); exit; } } else { - response(trans('no action passed') . AddErrorLocation())->send(); + response(trans('no action passed').AddErrorLocation())->send(); exit; -} \ No newline at end of file +} diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php index 06339a45..cb0254ae 100644 --- a/core/vendor/filemanager/config/config.php +++ b/core/vendor/filemanager/config/config.php @@ -447,7 +447,7 @@ $config = array( * TUI Image Editor config *******************/ // Add or modify the options below as needed - they will be json encoded when added to the configuration so arrays can be utilized as needed - 'tui_active' => true, + 'tui_active' => false, 'tui_position' => 'bottom', // 'common.bi.image' => "../assets/images/logo.png", // 'common.bisize.width' => '70px',