[geeklog-devel] Testing of getimage.php

Vincent Furia vmf at abtech.org
Wed Jan 7 23:41:31 EST 2004


Tony,

I'd recommend using the php function "basename()" on the $image 
variable.  That way there will be no way to sneak a path in...  Also, 
check to see if those $_CONF variables are empty. If not I could see 
that causing some problems in the future.  Also, for future reference, 
rather than checking for ".." in a pathname you can use the "realpath()" 
function to resolve "..", ".", and symbolic links to the actual path to 
a file.

Hope this helps.

-Vinny

Dirk Haun wrote:

>Tony,
>
>>My only real issue with what I have done is security.  I'm worried that 
>>it may be possible to hack the getstring in a way that may allow access 
>>to unrestricted files.
>
>Since you're including lib-common.php in the very first line, which then
>goes on to include config.php (all with hard-coded paths), it would
>overwrite whatever path was passed in the URL. So that shouldn't be a problem.
>
>The only issue would come up if someone doesn't have the
>$_CONF['path_images'] defined in their config.php (e.g. because they were
>using an old copy). But that would probably be noticed before any hacking
>attempts ...
>
>>and I am checking for '..' in the image name for someone that 
>>may try using relative paths
>
>That certainly can't hurt.
>
>>If you get a chance, give it a try.
>
>Haven't tried it yet, the above were just thoughts after looking at the
>source.
>
>bye, Dirk
>
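
As an added example (not code from this thread or from Geeklog itself), this is how the three checks Vinny recommends fit together in a helper that getimage.php could call: basename() on the input, a guard on an empty $_CONF['path_images'], and realpath() on both the base directory and the candidate file, plus a prefix comparison that the thread does not spell out. $_CONF['path_images'] is the key named in the thread; the function name, its return convention and the usage sketch are assumptions.

```php
<?php
// Added example: resolve a user-supplied image name to a file that is
// guaranteed to live inside $_CONF['path_images'].
// Assumptions: $_CONF['path_images'] is defined in config.php (as in the
// thread); the function name and its null-on-failure convention are ours.

function resolve_image_path(array $conf, string $image): ?string
{
    // Refuse to serve anything if the base directory was never configured,
    // e.g. an outdated config.php that predates $_CONF['path_images'].
    if (empty($conf['path_images'])) {
        return null;
    }

    // basename() strips every directory component the caller supplied, so
    // "../../config.php" collapses to "config.php" before anything else runs.
    $name = basename($image);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    // realpath() resolves "..", "." and symbolic links on BOTH sides of the
    // comparison. It returns false for a path that does not exist; treat that
    // as "no such image" rather than falling back to the raw string.
    $base = realpath($conf['path_images']);
    $candidate = realpath($conf['path_images'] . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $candidate === false) {
        return null;
    }

    // Compare against the base directory WITH a trailing separator; without it
    // "/var/www/images_private/x.png" would pass a check for "/var/www/images".
    // This also catches a symlink inside the images directory that points out.
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $base, strlen($base)) !== 0) {
        return null;
    }

    // Serve regular files only, never directories or device nodes.
    return is_file($candidate) ? $candidate : null;
}

// Usage sketch for getimage.php ($_CONF comes from config.php via lib-common.php):
// $path = resolve_image_path($_CONF, $_GET['image'] ?? '');
// if ($path === null) { header('HTTP/1.0 404 Not Found'); exit; }
// readfile($path);
```

Because realpath() needs the file to exist, run the check at request time against the real filesystem rather than against a cached or constructed string.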