jenkins-bot has submitted this change and it was merged.

Change subject: Escape all shell arguments & sanitize filenames
......................................................................


Escape all shell arguments & sanitize filenames

Code for the filename sanitization was stolen
from the HTMLets extension.

Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/
and https://gerrit.wikimedia.org/r/#/c/237260/

Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
---
M Git2Pages.php
M GitRepository.php
2 files changed, 17 insertions(+), 9 deletions(-)

Approvals:
  Addshore: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/Git2Pages.php b/Git2Pages.php
index 59ac349..c3fec7c 100644
--- a/Git2Pages.php
+++ b/Git2Pages.php
@@ -7,7 +7,7 @@
     'path' => __FILE__,
     'name' => 'Git2Pages',
     'descriptionmsg' => 'git2pages-desc',
-    'version' => '1.1.0',
+    'version' => '1.1.1',
     'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ),
     'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages',
 );
diff --git a/GitRepository.php b/GitRepository.php
index 3ac4abd..8e3d189 100644
--- a/GitRepository.php
+++ b/GitRepository.php
@@ -42,11 +42,11 @@
                $sparseCheckoutFile = '.git/info/sparse-checkout';
                if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR 
. $sparseCheckoutFile ) ) {
                        if( strpos( $file, $checkoutItem ) === false ) {
-                               wfShellExec( 'echo ' . $checkoutItem . ' >> ' . 
$sparseCheckoutFile );
+                               wfShellExec( 'echo ' . wfEscapeShellArg( 
$checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
                        }
                } else {
-                       wfShellExec( 'touch ' . $sparseCheckoutFile );
-                       wfShellExec( 'echo ' . $checkoutItem . ' >> ' . 
$sparseCheckoutFile );
+                       wfShellExec( 'touch ' . wfEscapeShellArg( 
$sparseCheckoutFile ) );
+                       wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem 
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
                }
                wfShellExec( 'git read-tree -mu HEAD' );
                chdir( $oldDir );
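Review bot: The `echo … >> file` lines on the `+` side still route a user-controlled value through a shell just to append one line to a file; `file_put_contents( $gitFolder . DIRECTORY_SEPARATOR . $sparseCheckoutFile, $checkoutItem . "\n", FILE_APPEND )` does the same with no shell and no escaping, and makes the preceding `touch` unnecessary because FILE_APPEND creates the file. Quoting also does not stop `echo` itself from treating a value such as `-n` as an option rather than text to write. The same `touch`/`echo` pattern appears in the next hunk (the `git init` branch) and the same replacement applies there. The enclosing function starts before this hunk.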
@@ -64,11 +64,11 @@
                        chdir( $gitFolder );
                        $sparseCheckoutFile = '.git/info/sparse-checkout';
                        wfShellExec( 'git init' );
-                       wfShellExec( 'git remote add -f origin ' . $url );
+                       wfShellExec( 'git remote add -f origin ' . 
wfEscapeShellArg( $url ) );
                        wfShellExec( 'git config core.sparsecheckout true' );
-                       wfShellExec( 'touch ' . $sparseCheckoutFile );
-                       wfShellExec( 'echo ' . $checkoutItem . ' >> ' . 
$sparseCheckoutFile );
-                       wfShellExec( 'git pull ' . $url . ' ' . $branch );
+                       wfShellExec( 'touch ' . wfEscapeShellArg( 
$sparseCheckoutFile ) );
+                       wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem 
) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) );
+                       wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . ' 
' . wfEscapeShellArg( $branch ) );
                        wfDebug( 'GitRepository: Sparse checkout subdirectory' 
);
                        chdir( $oldDir );
                } else {
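Review bot: `wfEscapeShellArg()` on the `git remote add` and `git pull` lines closes shell injection but not option injection: a `$url` or `$branch` value that begins with `-` is still passed to git where it is parsed as a flag. Reject such values before the command is built, e.g. `if ( $url === '' || $url[0] === '-' || $branch === '' || $branch[0] === '-' ) { throw new Exception( 'Invalid repository URL or branch name' ); }`, or validate them against an allowlist pattern. The same applies to `$branch` in GitCheckoutBranch in the following hunk. Whether these values come straight from wikitext parameters is not visible here, so the exposure depends on the caller. The enclosing function starts before this hunk.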
@@ -84,7 +84,7 @@
         * @param string $gitFolder is the Git repository in which the branch 
will be checked in
         */
        function GitCheckoutBranch( $branch, $gitFolder ) {
-               wfShellExec( 'git --git-dir=' . $gitFolder . '/.git 
--work-tree=' . $gitFolder . ' checkout ' . $branch );
+               wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder ) 
. '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' . 
wfEscapeShellArg( $branch ) );
                wfDebug( 'GitRepository: Changed to branch ' . $branch );
        }
 
@@ -95,7 +95,15 @@
         * @param array $options contains user inputs
         */
        function FindAndReadFile( $filename, $gitFolder, $startLine = 1, 
$endLine = -1 ) {
+               # Remove file separators (dots) and slashes to prevent 
directory traversal attack
+               $filename = preg_replace( '@[\\\\/!]|^\.+?&#@', '', $filename );
                $filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename;
+
+               # Throw an exception if $gitFolder doesn't look like a folder
+               if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) {
+                       throw new Exception( 'The parameter "$gitFolder" does 
not seem to be a folder.' );
+               }
+
                if( $fileArray = file( $filePath ) ) {
                        if( $endLine == -1 ) {
                                $lineBlock = array_slice( $fileArray, 
$startLine - 1 );
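Review bot: The second alternative of the added pattern, `^\.+?&#`, only strips leading dots when they are immediately followed by the literal `&#`, so the comment "Remove file separators (dots)" does not describe what the code does; if leading dots are meant to go, `'@[\\\\/!]|^\.+@'` matches the comment (traversal itself is already prevented by removing the slashes, since `..` without a separator cannot name a file outside `$gitFolder`). The `realpath()` comparison below it also does not test for a folder: it accepts any existing canonical path, including a regular file, and rejects a real directory given with a trailing slash or through a symlink, so `if ( !is_dir( $gitFolder ) )` states the intent directly and could run before `$filePath` is built. `realpath()` also returns false for a non-existent path, which `strcmp()` here silently coerces to an empty string. FindAndReadFile continues past the end of this hunk.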

-- 
To view, visit https://gerrit.wikimedia.org/r/237404
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/Git2Pages
Gerrit-Branch: REL1_25
Gerrit-Owner: Southparkfan <southparkfan...@hotmail.com>
Gerrit-Reviewer: Addshore <addshorew...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
