jenkins-bot has submitted this change and it was merged. Change subject: Escape all shell arguments & sanitize filenames ......................................................................
Escape all shell arguments & sanitize filenames Code for the filename sanitization was stolen from the HTMLets extension. Cherry pick of: https://gerrit.wikimedia.org/r/#/c/192373/ and https://gerrit.wikimedia.org/r/#/c/237260/ Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777 --- M Git2Pages.php M GitRepository.php 2 files changed, 17 insertions(+), 9 deletions(-) Approvals: Addshore: Looks good to me, approved jenkins-bot: Verified diff --git a/Git2Pages.php b/Git2Pages.php index 59ac349..c3fec7c 100644 --- a/Git2Pages.php +++ b/Git2Pages.php @@ -7,7 +7,7 @@ 'path' => __FILE__, 'name' => 'Git2Pages', 'descriptionmsg' => 'git2pages-desc', - 'version' => '1.1.0', + 'version' => '1.1.1', 'author' => array( 'Teresa Cho' , 'Himeshi de Silva' ), 'url' => 'https://www.mediawiki.org/wiki/Extension:Git2Pages', ); diff --git a/GitRepository.php b/GitRepository.php index 3ac4abd..8e3d189 100644 --- a/GitRepository.php +++ b/GitRepository.php @@ -42,11 +42,11 @@ $sparseCheckoutFile = '.git/info/sparse-checkout'; if( $file = file_get_contents( $gitFolder . DIRECTORY_SEPARATOR . $sparseCheckoutFile ) ) { if( strpos( $file, $checkoutItem ) === false ) { - wfShellExec( 'echo ' . $checkoutItem . ' >> ' . $sparseCheckoutFile ); + wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) ); } } else { - wfShellExec( 'touch ' . $sparseCheckoutFile ); - wfShellExec( 'echo ' . $checkoutItem . ' >> ' . $sparseCheckoutFile ); + wfShellExec( 'touch ' . wfEscapeShellArg( $sparseCheckoutFile ) ); + wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) ); } wfShellExec( 'git read-tree -mu HEAD' ); chdir( $oldDir ); @@ -64,11 +64,11 @@ chdir( $gitFolder ); $sparseCheckoutFile = '.git/info/sparse-checkout'; wfShellExec( 'git init' ); - wfShellExec( 'git remote add -f origin ' . $url ); + wfShellExec( 'git remote add -f origin ' . wfEscapeShellArg( $url ) ); wfShellExec( 'git config core.sparsecheckout true' ); - wfShellExec( 'touch ' . $sparseCheckoutFile ); - wfShellExec( 'echo ' . $checkoutItem . ' >> ' . $sparseCheckoutFile ); - wfShellExec( 'git pull ' . $url . ' ' . $branch ); + wfShellExec( 'touch ' . wfEscapeShellArg( $sparseCheckoutFile ) ); + wfShellExec( 'echo ' . wfEscapeShellArg( $checkoutItem ) . ' >> ' . wfEscapeShellArg( $sparseCheckoutFile ) ); + wfShellExec( 'git pull ' . wfEscapeShellArg( $url ) . ' ' . wfEscapeShellArg( $branch ) ); wfDebug( 'GitRepository: Sparse checkout subdirectory' ); chdir( $oldDir ); } else { @@ -84,7 +84,7 @@ * @param string $gitFolder is the Git repository in which the branch will be checked in */ function GitCheckoutBranch( $branch, $gitFolder ) { - wfShellExec( 'git --git-dir=' . $gitFolder . '/.git --work-tree=' . $gitFolder . ' checkout ' . $branch ); + wfShellExec( 'git --git-dir=' . wfEscapeShellArg( $gitFolder ) . '/.git --work-tree=' . wfEscapeShellArg( $gitFolder ) . ' checkout ' . wfEscapeShellArg( $branch ) ); wfDebug( 'GitRepository: Changed to branch ' . $branch ); } @@ -95,7 +95,15 @@ * @param array $options contains user inputs */ function FindAndReadFile( $filename, $gitFolder, $startLine = 1, $endLine = -1 ) { + # Remove file separators (dots) and slashes to prevent directory traversal attack + $filename = preg_replace( '@[\\\\/!]|^\.+?&#@', '', $filename ); $filePath = $gitFolder . DIRECTORY_SEPARATOR . $filename; + + # Throw an exception if $gitFolder doesn't look like a folder + if ( strcmp( $gitFolder, realpath( $gitFolder ) ) !== 0 ) { + throw new Exception( 'The parameter "$gitFolder" does not seem to be a folder.' ); + } + if( $fileArray = file( $filePath ) ) { if( $endLine == -1 ) { $lineBlock = array_slice( $fileArray, $startLine - 1 ); -- To view, visit https://gerrit.wikimedia.org/r/237404 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I0418666d6fe4002843647c2103fcd1c1307e5777 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/extensions/Git2Pages Gerrit-Branch: REL1_25 Gerrit-Owner: Southparkfan <southparkfan...@hotmail.com> Gerrit-Reviewer: Addshore <addshorew...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits