Discussion:
"Sanitize" paths
Niels Ganser
2005-10-02 00:46:47 UTC
Hi,

I'm working on a script which basically loads an image the user
requested, and wonder how to properly sanitize the passed path. For
instance the user should never ever be able to do something
like ?load=../../../etc/passwd.

My approach so far is to simply urldecode() the given string and return
an error if ".." is found in it. Maybe I'm a little paranoid but is this
really enough?

For clarification: All paths are prefixed with some kind of a root path.
All images within this root path may be accessed but "jumping" out of it
should not be allowed.

Regards,
Niels.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Philip Hallstrom
2005-10-02 00:51:38 UTC
Post by Niels Ganser
I'm working on a script which basically loads an image the user
requested, and wonder how to properly sanitize the passed path. For
instance the user should never ever be able to do something
like ?load=../../../etc/passwd.
My approach so far is to simply urldecode() the given string and return
an error if ".." is found in it. Maybe I'm a little paranoid but is this
really enough?
For clarification: All paths are prefixed with some kind of a root path.
All images within this root path may be accessed but "jumping" out of it
should not be allowed.
realpath() is your friend... prepend your root path to the passed in
string, then run that through realpath, then verify that your root path is
still prepended...

http://us2.php.net/realpath

realpath() expands all symbolic links and resolves references to '/./',
'/../' and extra '/' characters in the input path and returns the
canonicalized absolute pathname. The resulting path will have no symbolic
link, '/./' or '/../' components.

realpath() returns FALSE on failure, e.g. if the file does not exist. On
BSD systems realpath() doesn't fail if only the last path component
doesn't exist, while other systems will return FALSE.
Niels Ganser
2005-10-02 01:01:05 UTC
Thanks for your reply, Philip.
Post by Philip Hallstrom
realpath() is your friend...
That has been my first impression too, but...
Post by Philip Hallstrom
realpath() expands all symbolic links
I am actually using symlinks :)

I trust the files on my server so "local redirects" via symlinks are no
problem; the user-submitted data is.

Regards,
Niels.
Philip Hallstrom
2005-10-02 15:26:16 UTC
Post by Niels Ganser
Post by Philip Hallstrom
realpath() is your friend...
That has been my first impression too, but...
Post by Philip Hallstrom
realpath() expands all symbolic links
I am actually using symlinks :)
I trust the files on my server so "local redirects" via symlinks are no
problem; the user-submitted data is.
Then realpath() your doc root as well and then you'll be comparing apples
to apples...
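The two replies above describe one check: prepend the root, run the result through realpath(), and verify the root is still the prefix, with the root itself also passed through realpath() so a symlinked root compares like with like. Below is that check written out as an added example; it is not code from the thread or from any of its posters. The function name, the images directory and the query parameter handling are illustrative assumptions.

```php
<?php
// Added example (not from the thread): Philip Hallstrom's realpath() recipe
// for confining a user-supplied image path to a root directory, including
// his follow-up point that the root must be canonicalised too.
// Function and directory names are assumptions for illustration only.

/**
 * Resolve $userPath beneath $root and return the canonical absolute path of
 * an existing regular file, or null if the request escapes the root, does
 * not exist, or is not a regular file.
 */
function resolve_image_path(string $root, string $userPath): ?string
{
    // NUL bytes would truncate the path in the C library; PHP 8 throws a
    // ValueError for them, older versions return false. Reject explicitly
    // so the behaviour is the same on every version.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }

    // Canonicalise the root first. If $root is itself a symlink (for example
    // a "current" release link), a raw string compare of the resolved file
    // path against the unresolved root would reject every valid request.
    $realRoot = realpath($root);
    if ($realRoot === false) {
        return null;
    }
    // Keep a trailing separator so "/srv/images-private" is not accepted
    // as lying under "/srv/images".
    $realRoot = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Prepend the root, then let realpath() collapse ".", ".." and
    // duplicate separators and follow symlinks.
    $candidate = $realRoot . ltrim($userPath, '/\\');
    $real = realpath($candidate);
    if ($real === false) {
        return null; // nonexistent path (or an unresolvable component)
    }

    // Prefix check over the canonical root. This also rejects a request
    // that resolves to the root directory itself.
    if (strncmp($real, $realRoot, strlen($realRoot)) !== 0) {
        return null;
    }

    // Guard the BSD behaviour Philip quoted: realpath() may succeed there
    // when only the final component is missing, and it will also resolve
    // directories, so require an actual regular file.
    if (!is_file($real)) {
        return null;
    }

    return $real;
}

// Usage (constructed): $_GET is already URL-decoded by PHP, so no extra
// urldecode() is needed before the check.
$file = resolve_image_path(__DIR__ . '/images', $_GET['load'] ?? '');
if ($file === null) {
    http_response_code(404);
    exit;
}
readfile($file);
```

One caveat that follows from how realpath() works: a symlink inside the root that points outside it is resolved to its target and therefore rejected by the prefix check. If such "local redirects" are intended, as Niels describes, they have to be permitted explicitly (for example by also accepting a short list of canonical target directories) rather than by weakening the prefix comparison.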
Robert Cummings
2005-10-02 18:02:24 UTC
Post by Niels Ganser
Post by Philip Hallstrom
realpath() is your friend...
That has been my first impression too, but...
Post by Philip Hallstrom
realpath() expands all symbolic links
I am actually using symlinks :)
I trust the files on my server so "local redirects" via symlinks are no
problem, the user submitted data is.
The following might help you write your own:

http://www.interjinn.com/jinnDoc/interjinn.function.jinn____fullRelativePath.phtml

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'