[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)

Southparkfan (Code Review) Thu, 10 Sep 2015 08:24:58 -0700

Southparkfan has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/237399


Change subject: Escape all shell arguments & sanitize filenames
......................................................................

Escape all shell arguments & sanitize filenames

Code for the filename sanitization was stolen from the HTMLets extension.
Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/ and 
https://gerrit.wikimedia.org/r/#/c/237260/

Change-Id: Icfe340d5718f115179ef75c3a87104c0fb7b9664
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Git2Pages 
refs/changes/99/237399/1

diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
     'path' => __FILE__,
     'name' => 'Git2Pages',
     'descriptionmsg' => 'git2pages-desc',
-    'version' => '1.1.0',
+    'version' => '1.1.1',
     'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
     'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
 );
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
                $sparseCheckoutFile = '.git/info/sparse-checkout';
                if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR 
. $sparseCheckoutFile ) ) {
                        if( strpos( $file, $checkoutItem ) === false ) {
-                               wfShellExec( 'echo ' . $checkoutItem . ' >> ' . 
$sparseCheckoutFile );
+                               wfShellExec( 'echo ' . wfEscapeShellArg( 
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
                        }
                } else {
-                       wfShellExec( 'touch ' . $sparseCheckoutFile );
-                       wfShellExec( 'echo ' . $checkoutItem . ' >> ' . 
$sparseCheckoutFile );
+                       wfShellExec( 'touch ' . wfEscapeShellArg( 
$sparseCheckoutFile ) );
+                       wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem 
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
                }
                wfShellExec( 'git read-tree -mu HEAD' );
                chdir( $oldDir );
@@ -64,11 +64,11 @@
                        chdir( $gitFolder );
                        $sparseCheckoutFile = '.git/info/sparse-checkout';
                        wfShellExec( 'git init' );
-                       wfShellExec( 'git remote add -f origin ' . $url );
+                       wfShellExec( 'git remote add -f origin ' . 
wfEscapeShellArg( $url ) );
                        wfShellExec( 'git config core.sparsecheckout true' );
-                       wfShellExec( 'touch ' . $sparseCheckoutFile );
-                       wfShellExec( 'echo ' . $checkoutItem . ' >> ' . 
$sparseCheckoutFile );
-                       wfShellExec( 'git pull ' . $url . ' ' . $branch );
+                       wfShellExec( 'touch ' . wfEscapeShellArg( 
$sparseCheckoutFile ) );
+                       wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem 
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+                       wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . ' 
' . wfEscapeShellArg( $branch ) );
                        wfDebug( 'GitRepository: Sparse checkout subdirectory' 
);
                        chdir( $oldDir );
                } else {
@@ -84,7 +84,7 @@
         * @param string $gitFolder is the Git repository in which the branch 
will be checked in
         */
        function GitCheckoutBranch( $branch, $gitFolder ) {
-               wfShellExec( 'git --git-dir=' . $gitFolder . '/.git 
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+               wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder ) 
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' . 
wfEscapeShellArg( $branch ) );
                wfDebug( 'GitRepository: Changed to branch ' . $branch );
        }
 
@@ -95,7 +95,15 @@
         * @param array $options contains user inputs
         */
        function FindAndReadFile( $filename, $gitFolder, $startLine = 1, 
$endLine = -1 ) {
+               # Remove file separators (dots) and slashes to prevent 
directory traversal attack
+               $filename = preg_replace( '@[\\\\/!]|^\.+?&#@', '', $filename );
                $filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+               # Throw an exception if $gitFolder doesn't look like a folder
+               if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+                       throw new Exception( 'The parameter "$gitFolder" does 
not seem to be a folder.' );
+               }
+
                if( $fileArray = file( $filePath ) ) {
                        if( $endLine == -1 ) {
                                $lineBlock = array_slice( $fileArray, 
$startLine - 1 );

-- 
To view, visit https://gerrit.wikimedia.org/r/237399
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Icfe340d5718f115179ef75c3a87104c0fb7b9664
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Git2Pages
Gerrit-Branch: master
Gerrit-Owner: Southparkfan <southparkfan...@hotmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Escape all shell arguments & sanitize filenames - change (mediawiki...Git2Pages)

Reply via email to