v3.0 - Improve sanitization.
-v3.0.
-Improve sanitization.
-Based on input from neogeovr on Reddit.
zelon88 authored Nov 19, 2018
1 parent 07473b0 commit 61d35a6
Showing 6 changed files with 227 additions and 212 deletions.
15 changes: 15 additions & 0 deletions CHANGELOG.txt
@@ -1,3 +1,18 @@
COMMIT 11/18/2018
v3.0 - Improve sanitization.

-v3.0.
-Improve sanitization.
-Based on input from neogeovr on Reddit.

----------
COMMIT 11/15/2018
v2.9.9 - Add OpenJSCAD app.

-v2.9.9.
-Add OpenJSCAD app.

----------
COMMIT 10/28/2018
v2.9.8 - Fix HTML syntax, remove unneeded core calls.

232 changes: 116 additions & 116 deletions cloudCore.php

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions commonCore.php
@@ -171,17 +171,17 @@
// / Also used to create new UserDirs.
$UserDirPOST = '/';
// / If a valid UserDir is set, use it for all paths and operations.
if (isset($_POST['UserDir']) or $_POST['UserDir'] !== '/') $UserDirPOST = $_POST['UserDirPOST'] = str_replace('//', '/', str_replace('///', '/', '/'.$_POST['UserDir'].'/'));
if (isset($_POST['UserDir']) or $_POST['UserDir'] !== '/') $UserDirPOST = $_POST['UserDirPOST'] = str_replace('..', '', str_replace('//', '/', str_replace('///', '/', '/'.$_POST['UserDir'].'/')));
// / If the root Cloud Drive is selected set the path directory and URL directory as a slash.
if (!isset($_POST['UserDir']) && !isset($_POST['UserDirPOST'])) $Udir = $UserDirPOST = '/';
// / Whatever directory the user is "in" is used for URLs.
if (isset($_POST['UserDir']) or isset($_POST['UserDirPOST'])) $Udir = str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', $_POST['UserDirPOST'].'/')));
if (isset($_POST['UserDir']) or isset($_POST['UserDirPOST'])) $Udir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', $_POST['UserDirPOST'].'/'))));
// / -----------------------------------------------------------------------------------

// / -----------------------------------------------------------------------------------
// / The following code defines the user directories and adds them to the array of RequiredDirs.
$CloudTmpDir = str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudTempDir.$UserDirPOST))));
$CloudUsrDir = str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudDir.$UserDirPOST))));
$CloudTmpDir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudTempDir.$UserDirPOST)))));
$CloudUsrDir = str_replace('..', '', str_replace('//', '/', str_replace('//', '/', str_replace('//', '/', str_replace('///', '/', $CloudDir.$UserDirPOST)))));
array_push($RequiredDirs1, $CloudTmpDir, $CloudUsrDir);
// / -----------------------------------------------------------------------------------

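Review bot: The new outer `str_replace('..', '', ...)` on the `$UserDirPOST` and `$Udir` assignments silently rewrites an unsafe `UserDir` into a different path instead of rejecting the request, and on the `$CloudTmpDir`/`$CloudUsrDir` lines it is applied to the whole string including the `$CloudDir`/`$CloudTempDir` base, so a configured base that contains `..` would be altered too. Because the removal runs after the `//` collapsing, a value such as `a/../b` comes out as `/a//b/` with the double slash back in. The guard `isset($_POST['UserDir']) or $_POST['UserDir'] !== '/'` is also true when the field is absent, so the assignment always runs and reads an unset index; `&&` looks like what was intended. I would validate `UserDir` segment by segment, refuse `.`, `..` and NUL bytes, and build the path only from accepted segments, as sketched below. The error handling in the sketch is a placeholder, since the project's convention is not visible in this hunk.

```php
// Replaces the first `if (isset($_POST['UserDir']) or ...)` line.
$UserDirPOST = '/';
if (isset($_POST['UserDir']) && is_string($_POST['UserDir'])) {
  $UserDirSegments = array();
  foreach (explode('/', $_POST['UserDir']) as $Segment) {
    if ($Segment === '') continue; // drops repeated, leading and trailing slashes
    if ($Segment === '.' || $Segment === '..' || strpos($Segment, "\0") !== false) die('Invalid UserDir.'); // placeholder error handling
    $UserDirSegments[] = $Segment;
  }
  if (count($UserDirSegments) > 0) $UserDirPOST = '/'.implode('/', $UserDirSegments).'/';
}
$_POST['UserDirPOST'] = $UserDirPOST;
// … unchanged: $Udir, $CloudTmpDir and $CloudUsrDir assignments …
```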
18 changes: 9 additions & 9 deletions compatibilityCore.php
@@ -2,8 +2,8 @@

/*
HRCLOUD2 VERSION INFORMATION
THIS VERSION : v2.9.9
WRITTEN ON : 11/15/2018
THIS VERSION : v3.0
WRITTEN ON : 11/18/2018
*/

// / -----------------------------------------------------------------------------------
@@ -37,13 +37,13 @@

// / -----------------------------------------------------------------------------------
// / The following code sets the global variables for the session.
$ClearCachePOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['ClearCache']);
$AutoUpdatePOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoUpdate']);
$AutoDownloadPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoDownload']);
$AutoInstallPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoInstall']);
$AutoCleanPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoClean']);
$CheckCompatPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckCompatibility']);
$CheckPermsPOST = str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckPermissions']);
$ClearCachePOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['ClearCache']));
$AutoUpdatePOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoUpdate']));
$AutoDownloadPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoDownload']));
$AutoInstallPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoInstall']));
$AutoCleanPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['AutoClean']));
$CheckCompatPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckCompatibility']));
$CheckPermsPOST = str_replace('..', '', str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['CheckPermissions']));
$ResourceDir = $InstLoc.'/Resources/TEMP';
$ResourceDir1 = $ResourceDir.'/HRCloud2-master';
$UpdatedZIP1 = $ResourceDir.'/HRC2UPDATE1.zip';
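Review bot: The added outer `str_replace('..', '', ...)` on the seven `$...POST` assignments in the second hunk cannot change anything, because the inner call already strips every `.` (it is the first character of `str_split('./[]{};:$!#^&%@>*<')`), so no `..` can reach it. What the visible lines still lack is a presence and type check: `$_POST['ClearCache']` and the others are read without `isset`, and `str_replace` returns an array when the client submits the field as an array, so later code may receive a non-string. I would write each line as `$ClearCachePOST = (isset($_POST['ClearCache']) && is_string($_POST['ClearCache'])) ? str_replace(str_split('./[]{};:$!#^&%@>*<'), '', $_POST['ClearCache']) : '';`. If these fields are on/off flags, which the hunk does not show, comparing against the exact expected values would be stricter than stripping characters.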