$_GET Question

#1
I was told my code has a lot of security issues related to its use of GET parameters. How can I improve on it? Any suggestions and examples would be helpful, thanks.

The file manager works like this: when a user logs in to the admin area they can create directories, upload images, delete images and folders, etc.

It is all loaded via AJAX.

I have attached the file manager view, which contains the main AJAX code.

[Image: 3Y5PYgQSVnZ9.png]


PHP Code:
<?php

class Example extends MX_Controller {

 
   public function __construct()
 
   {
 
       parent::__construct();
 
       $this->load->library('pagination');
 
       $this->load->library('image_lib');
 
       $this->load->helper('html');
 
       $this->load->helper('string');
 
       define('DIR_IMAGE'FCPATH 'image/');
 
       
    
}

 
   public function index()
 
   {

 
       // Todo set folder limit for user.

 
       $data['breadcrumbs'] = array();

 
       $data['breadcrumbs'][] = array(
 
           'text' => 'Catalog',
 
           'href' => base_url('admin/common/filemanager/')
 
       );

 
       $directory_names explode('/'$this->input->get('directory'TRUE));
 
       
        $directory_done 
'';

 
       foreach ($directory_names as $directory_name) {
 
           
            $directory_done 
.= ($directory_done <> '''/':'').$directory_name
 
           
            $data
['breadcrumbs'][] = array(
 
               'text' => ucfirst($directory_name),
 
               'href' => base_url('admin/common/filemanager/'). '?directory=' $directory_done
            
);
 
       

 
       if ($this->input->get('filter_name')) {
 
           $filter_name $this->input->get('filter_name'TRUE);
 
       } else {
 
           $filter_name null;
 
       }

 
       if ($this->input->get('directory')) {
 
           $directory FCPATH 'image/catalog/' $this->input->get('directory'TRUE);
 
       } else {
 
           $directory FCPATH 'image/catalog';
 
       }

 
       $data['images'] = array();

 
       // Get directories
 
       $directories glob($directory '/' $filter_name '*'GLOB_ONLYDIR);

 
       if (!$directories) {
 
           $directories = array();
 
       }

 
       // Get files
 
       $files glob($directory '/' $filter_name '*.{jpg,jpeg,png,gif,JPG,JPEG,PNG,GIF}'GLOB_BRACE);

 
       if (!$files) {
 
           $files = array();
 
       }

 
       // Merge directories and files
 
       $images array_merge($directories$files);

 
       // Get total number of files and directories
 
       $image_total count($images);

 
       $per_page 8;
 
       $segment $this->input->get('per_page');
 
       $segment += $per_page;

 
       foreach ($images as $key => $image) {

 
           if ($key $segment && $key >= $segment $per_page) {

 
               $name basename(preg_replace("/\.[^.]+$/"""$image));

 
               if (is_dir($image)) {

 
                   $url '';

 
                   if ($this->input->get('target')) {
 
                       $url .= '&target=' $this->input->get('target');
 
                   }

 
                   if ($this->input->get('thumb')) {
 
                       $url .= '&thumb=' $this->input->get('thumb');
 
                   }

 
                   $data['images'][] = array(
 
                       'thumb' => '',
 
                       'name' => $name,
 
                       'type' => 'directory',
 
                       'path' => substr($imagestrlen(FCPATH 'image/')),
 
                       'href' => site_url('admin/common/filemanager/?directory=' substr($imagestrlen(FCPATH 'image/' 'catalog/')) . $url)
 
                   );

 
               } elseif (is_file($image)) {

 
                   $width 100;
 
                   $height 100;

 
                   $old_filename substr($imagestrlen(DIR_IMAGE));

 
                   $extension pathinfo($old_filenamePATHINFO_EXTENSION);

 
                   $new_image substr($old_filename0strrpos($old_filename'.')) . '-' $width 'x' $height '.' $extension;

 
                   if (!is_dir(DIR_IMAGE 'cache/' $new_image)) {
 
                       if ($this->input->get('directory')) {
 
                           @mkdir(DIR_IMAGE 'cache/catalog/' $this->input->get('directory') .'/'0777true);
 
                       } else {
 
                           @mkdir(DIR_IMAGE 'cache/catalog/'0777true);
 
                       }
 
                   }

 
                   if (!file_exists(DIR_IMAGE 'cache/' $new_image)) {

 
                       $config = array(
 
                           'image_library' => 'gd2',
 
                           'source_image' => $image,
 
                           'create_thumb' => false,
 
                           'maintain_ratio' => false,
 
                           'width' => $width,
 
                           'height' => $height,
 
                           'overwrite' => true,
 
                           'new_image' => DIR_IMAGE 'cache/' $new_image
                        
);

 
                       $this->image_lib->initialize($config);  
                        $this
->image_lib->resize();
 
                       $this->image_lib->clear();
 
                   }

 
                   $data['images'][] = array(
 
                           'type' => 'image',
 
                           'href' => base_url('image/' substr($imagestrlen(DIR_IMAGE))),
 
                           'thumb' => img('image/cache/'$new_image),
 
                           'name' => (strlen($name) > 13) ? substr($name,0,10).'...' $name,
 
                           'path' => substr($imagestrlen(DIR_IMAGE)),
 
                           'cache' => DIR_IMAGE 'cache/' $new_image
                        
);
 
                   }
 
           }
 
       }

 
       $data['heading_title'] = "Image Manager";

 
       $data['text_no_results'] = "No Results";
 
       $data['text_confirm'] = "Are You Sure";

 
       $data['entry_search'] = "Search..";
 
       $data['entry_folder'] = "New Folder";

 
       $data['button_parent'] = "Parent";
 
       $data['button_refresh'] = "Refresh";
 
       $data['button_upload'] = "Upload";
 
       $data['button_folder'] = "Create Folder";
 
       $data['button_delete'] = "Delete";
 
       $data['button_search'] = "Search";

 
       if ($this->input->get('directory')) {
 
           $data['directory'] = $this->input->get('directory');
 
       } else {
 
           $data['directory'] = '';
 
       }

 
       // Return the filter name
 
       if ($this->input->get('filter_name')) {
 
           $data['filter_name'] = $this->input->get('filter_name');
 
       } else {
 
           $data['filter_name'] = '';
 
       }

 
       // Return the target ID for the file manager to set the value
 
       if ($this->input->get('target')) {
 
           $data['target'] = $this->input->get('target');
 
       } else {
 
           $data['target'] = '';
 
       }

 
       // Return the thumbnail for the file manager to show a thumbnail
 
       if ($this->input->get('thumb')) {
 
           $data['thumb'] = $this->input->get('thumb');
 
       } else {
 
           $data['thumb'] = '';
 
       }

 
       // Parent
 
       $url '';

 
       if ($this->input->get('directory')) {
 
           $pos strrpos($this->input->get('directory'), '/');

 
           if ($pos) {
 
               $url .= '?directory=' substr($this->input->get('directory'), 0$pos);
 
           }
 
       }

 
       if ($this->input->get('target')) {
 
           $url .= '&target=' $this->input->get('target');
 
       }

 
       if ($this->input->get('thumb')) {
 
           $url .= '&thumb=' $this->input->get('thumb');
 
       }

 
       $data['parent'] = site_url('admin/common/filemanager' $url);

 
       // Refresh
 
       $url '';

 
       if ($this->input->get('directory')) {
 
           $url .= '?directory=' $this->input->get('directory');
 
       }

 
       if ($this->input->get('target')) {
 
           $url .= '&target=' $this->input->get('target');
 
       }

 
       if ($this->input->get('thumb')) {
 
           $url .= '&thumb=' $this->input->get('thumb');
 
       }

 
       $data['refresh'] = site_url('admin/common/filemanager' $url);


 
       // Pagination 

 
       $url '';

 
       if ($this->input->get('directory')) {
 
           $url .= '?directory=' $this->input->get('directory');
 
       }

 
       $config['base_url'] = base_url('admin/common/filemanager');
 
       $config['total_rows'] = $image_total;
 
       $config['per_page'] = $per_page;
 
       $config['page_query_string'] = TRUE;
 
       $config['num_links'] = "16";

 
       $config['full_tag_open'] = '<nav><ul class="pagination">';
 
       $config['full_tag_close'] = '</ul></nav>';
 
       $config['num_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['num_tag_close'] = '</span></li>';
 
       $config['cur_tag_open'] = '<li class="page-item active"><span class="page-link">';
 
       $config['cur_tag_close'] = '<span class="sr-only">(current)</span></span></li>';
 
       $config['next_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['next_tagl_close'] = '<span aria-hidden="true">&raquo;</span></span></li>';
 
       $config['prev_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['prev_tagl_close'] = '</span></li>';
 
       $config['first_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['first_tagl_close'] = '</span></li>';
 
       $config['last_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['last_tagl_close' '</span></li>';

 
       $this->pagination->initialize($config);

 
       $data['pagination'] = $this->pagination->create_links();

 
       $this->load->view('common/filemanager_view'$data);
 
   }

The script below runs the modal
Code:
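$(document).ready(function() {

    $('[data-toggle=\'tooltip\']').tooltip({container: 'body', html: true});

    // Makes tooltips work on ajax generated content
    $(document).ajaxStop(function() {
        $('[data-toggle=\'tooltip\']').tooltip({container: 'body'});
    });

    // Image Manager: each image link gets a popover with an "edit" button
    // (opens the file manager in a modal) and a "clear" button.
    $(document).delegate('a[data-toggle=\'image\']', 'click', function(e) {

        e.preventDefault();

        $('.popover').popover('hide', function() {
            $('.popover').remove();
        });

        var element = this;

        $(element).popover({
            html: true,
            placement: 'right',
            trigger: 'manual',
            content: function() {
                return '<button type="button" id="button-image" class="btn btn-primary"><i class="fa fa-pencil"></i></button> <button type="button" id="button-clear" class="btn btn-danger"><i class="fa fa-times"></i></button>';
            }
        });

        $(element).popover('show');

        $('#button-image').on('click', function() {
            $('#modal-image').remove();

            // Both ids go into the query string, so encode them (a missing id
            // becomes '' instead of the string "undefined"); the server
            // validates them again before echoing them back.
            var target = $(element).parent().find('input').attr('id') || '';
            var thumb = $(element).attr('id') || '';

            $.ajax({
                url: base_url + 'admin/common/filemanager?target=' + encodeURIComponent(target) + '&thumb=' + encodeURIComponent(thumb),
                dataType: 'html',
                beforeSend: function() {
                    $('#button-image i').replaceWith('<i class="fa fa-circle-o-notch fa-spin"></i>');
                    $('#button-image').prop('disabled', true);
                },
                complete: function() {
                    $('#button-image i').replaceWith('<i class="fa fa-pencil"></i>');
                    $('#button-image').prop('disabled', false);
                },
                success: function(html) {
                    // The response is markup rendered by our own admin endpoint;
                    // that endpoint must escape user-controlled values before
                    // anything is inserted here.
                    $('body').append('<div id="modal-image" class="modal">' + html + '</div>');

                    $('#modal-image').modal('show');
                },
                error: function(xhr, status, err) {
                    // Previously a failed request left the button restored but
                    // gave no feedback at all.
                    console.error('Could not load the file manager: ' + status + (err ? ' - ' + err : ''));
                }
            });

            $(element).popover('hide', function() {
                $('.popover').remove();
            });
        });
    });
});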


Attached Files
.php   Example.php (Size: 9.45 KB / Downloads: 80)
.php   filemanager_view.php (Size: 8.59 KB / Downloads: 59)
There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!

#2
(08-25-2017, 03:34 AM)wolfgang1983 Wrote: I was told my code has a lot of security issues related to its use of GET parameters. How can I improve on it? Any suggestions and examples would be helpful, thanks.

The file manager works like this: when a user logs in to the admin area they can create directories, upload images, delete images and folders, etc.

It is all loaded via AJAX.

I have attached the file manager view, which contains the main AJAX code.

[Image: 3Y5PYgQSVnZ9.png]


PHP Code:
<?php

class Example extends MX_Controller {

 
   public function __construct()
 
   {
 
       parent::__construct();
 
       $this->load->library('pagination');
 
       $this->load->library('image_lib');
 
       $this->load->helper('html');
 
       $this->load->helper('string');
 
       define('DIR_IMAGE'FCPATH 'image/');
 
       
    
}

 
   public function index()
 
   {

 
       // Todo set folder limit for user.

 
       $data['breadcrumbs'] = array();

 
       $data['breadcrumbs'][] = array(
 
           'text' => 'Catalog',
 
           'href' => base_url('admin/common/filemanager/')
 
       );

 
       $directory_names explode('/'$this->input->get('directory'TRUE));
 
       
        $directory_done 
'';

 
       foreach ($directory_names as $directory_name) {
 
           
            $directory_done 
.= ($directory_done <> '''/':'').$directory_name
 
           
            $data
['breadcrumbs'][] = array(
 
               'text' => ucfirst($directory_name),
 
               'href' => base_url('admin/common/filemanager/'). '?directory=' $directory_done
            
);
 
       

 
       if ($this->input->get('filter_name')) {
 
           $filter_name $this->input->get('filter_name'TRUE);
 
       } else {
 
           $filter_name null;
 
       }

 
       if ($this->input->get('directory')) {
 
           $directory FCPATH 'image/catalog/' $this->input->get('directory'TRUE);
 
       } else {
 
           $directory FCPATH 'image/catalog';
 
       }

 
       $data['images'] = array();

 
       // Get directories
 
       $directories glob($directory '/' $filter_name '*'GLOB_ONLYDIR);

 
       if (!$directories) {
 
           $directories = array();
 
       }

 
       // Get files
 
       $files glob($directory '/' $filter_name '*.{jpg,jpeg,png,gif,JPG,JPEG,PNG,GIF}'GLOB_BRACE);

 
       if (!$files) {
 
           $files = array();
 
       }

 
       // Merge directories and files
 
       $images array_merge($directories$files);

 
       // Get total number of files and directories
 
       $image_total count($images);

 
       $per_page 8;
 
       $segment $this->input->get('per_page');
 
       $segment += $per_page;

 
       foreach ($images as $key => $image) {

 
           if ($key $segment && $key >= $segment $per_page) {

 
               $name basename(preg_replace("/\.[^.]+$/"""$image));

 
               if (is_dir($image)) {

 
                   $url '';

 
                   if ($this->input->get('target')) {
 
                       $url .= '&target=' $this->input->get('target');
 
                   }

 
                   if ($this->input->get('thumb')) {
 
                       $url .= '&thumb=' $this->input->get('thumb');
 
                   }

 
                   $data['images'][] = array(
 
                       'thumb' => '',
 
                       'name' => $name,
 
                       'type' => 'directory',
 
                       'path' => substr($imagestrlen(FCPATH 'image/')),
 
                       'href' => site_url('admin/common/filemanager/?directory=' substr($imagestrlen(FCPATH 'image/' 'catalog/')) . $url)
 
                   );

 
               } elseif (is_file($image)) {

 
                   $width 100;
 
                   $height 100;

 
                   $old_filename substr($imagestrlen(DIR_IMAGE));

 
                   $extension pathinfo($old_filenamePATHINFO_EXTENSION);

 
                   $new_image substr($old_filename0strrpos($old_filename'.')) . '-' $width 'x' $height '.' $extension;

 
                   if (!is_dir(DIR_IMAGE 'cache/' $new_image)) {
 
                       if ($this->input->get('directory')) {
 
                           @mkdir(DIR_IMAGE 'cache/catalog/' $this->input->get('directory') .'/'0777true);
 
                       } else {
 
                           @mkdir(DIR_IMAGE 'cache/catalog/'0777true);
 
                       }
 
                   }

 
                   if (!file_exists(DIR_IMAGE 'cache/' $new_image)) {

 
                       $config = array(
 
                           'image_library' => 'gd2',
 
                           'source_image' => $image,
 
                           'create_thumb' => false,
 
                           'maintain_ratio' => false,
 
                           'width' => $width,
 
                           'height' => $height,
 
                           'overwrite' => true,
 
                           'new_image' => DIR_IMAGE 'cache/' $new_image
                        
);

 
                       $this->image_lib->initialize($config);  
                        $this
->image_lib->resize();
 
                       $this->image_lib->clear();
 
                   }

 
                   $data['images'][] = array(
 
                           'type' => 'image',
 
                           'href' => base_url('image/' substr($imagestrlen(DIR_IMAGE))),
 
                           'thumb' => img('image/cache/'$new_image),
 
                           'name' => (strlen($name) > 13) ? substr($name,0,10).'...' $name,
 
                           'path' => substr($imagestrlen(DIR_IMAGE)),
 
                           'cache' => DIR_IMAGE 'cache/' $new_image
                        
);
 
                   }
 
           }
 
       }

 
       $data['heading_title'] = "Image Manager";

 
       $data['text_no_results'] = "No Results";
 
       $data['text_confirm'] = "Are You Sure";

 
       $data['entry_search'] = "Search..";
 
       $data['entry_folder'] = "New Folder";

 
       $data['button_parent'] = "Parent";
 
       $data['button_refresh'] = "Refresh";
 
       $data['button_upload'] = "Upload";
 
       $data['button_folder'] = "Create Folder";
 
       $data['button_delete'] = "Delete";
 
       $data['button_search'] = "Search";

 
       if ($this->input->get('directory')) {
 
           $data['directory'] = $this->input->get('directory');
 
       } else {
 
           $data['directory'] = '';
 
       }

 
       // Return the filter name
 
       if ($this->input->get('filter_name')) {
 
           $data['filter_name'] = $this->input->get('filter_name');
 
       } else {
 
           $data['filter_name'] = '';
 
       }

 
       // Return the target ID for the file manager to set the value
 
       if ($this->input->get('target')) {
 
           $data['target'] = $this->input->get('target');
 
       } else {
 
           $data['target'] = '';
 
       }

 
       // Return the thumbnail for the file manager to show a thumbnail
 
       if ($this->input->get('thumb')) {
 
           $data['thumb'] = $this->input->get('thumb');
 
       } else {
 
           $data['thumb'] = '';
 
       }

 
       // Parent
 
       $url '';

 
       if ($this->input->get('directory')) {
 
           $pos strrpos($this->input->get('directory'), '/');

 
           if ($pos) {
 
               $url .= '?directory=' substr($this->input->get('directory'), 0$pos);
 
           }
 
       }

 
       if ($this->input->get('target')) {
 
           $url .= '&target=' $this->input->get('target');
 
       }

 
       if ($this->input->get('thumb')) {
 
           $url .= '&thumb=' $this->input->get('thumb');
 
       }

 
       $data['parent'] = site_url('admin/common/filemanager' $url);

 
       // Refresh
 
       $url '';

 
       if ($this->input->get('directory')) {
 
           $url .= '?directory=' $this->input->get('directory');
 
       }

 
       if ($this->input->get('target')) {
 
           $url .= '&target=' $this->input->get('target');
 
       }

 
       if ($this->input->get('thumb')) {
 
           $url .= '&thumb=' $this->input->get('thumb');
 
       }

 
       $data['refresh'] = site_url('admin/common/filemanager' $url);


 
       // Pagination 

 
       $url '';

 
       if ($this->input->get('directory')) {
 
           $url .= '?directory=' $this->input->get('directory');
 
       }

 
       $config['base_url'] = base_url('admin/common/filemanager');
 
       $config['total_rows'] = $image_total;
 
       $config['per_page'] = $per_page;
 
       $config['page_query_string'] = TRUE;
 
       $config['num_links'] = "16";

 
       $config['full_tag_open'] = '<nav><ul class="pagination">';
 
       $config['full_tag_close'] = '</ul></nav>';
 
       $config['num_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['num_tag_close'] = '</span></li>';
 
       $config['cur_tag_open'] = '<li class="page-item active"><span class="page-link">';
 
       $config['cur_tag_close'] = '<span class="sr-only">(current)</span></span></li>';
 
       $config['next_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['next_tagl_close'] = '<span aria-hidden="true">&raquo;</span></span></li>';
 
       $config['prev_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['prev_tagl_close'] = '</span></li>';
 
       $config['first_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['first_tagl_close'] = '</span></li>';
 
       $config['last_tag_open'] = '<li class="page-item"><span class="page-link">';
 
       $config['last_tagl_close' '</span></li>';

 
       $this->pagination->initialize($config);

 
       $data['pagination'] = $this->pagination->create_links();

 
       $this->load->view('common/filemanager_view'$data);
 
   }

The script below runs the modal
Code:
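$(document).ready(function() {

    $('[data-toggle=\'tooltip\']').tooltip({container: 'body', html: true});

    // Makes tooltips work on ajax generated content
    $(document).ajaxStop(function() {
        $('[data-toggle=\'tooltip\']').tooltip({container: 'body'});
    });

    // Image Manager: each image link gets a popover with an "edit" button
    // (opens the file manager in a modal) and a "clear" button.
    $(document).delegate('a[data-toggle=\'image\']', 'click', function(e) {

        e.preventDefault();

        $('.popover').popover('hide', function() {
            $('.popover').remove();
        });

        var element = this;

        $(element).popover({
            html: true,
            placement: 'right',
            trigger: 'manual',
            content: function() {
                return '<button type="button" id="button-image" class="btn btn-primary"><i class="fa fa-pencil"></i></button> <button type="button" id="button-clear" class="btn btn-danger"><i class="fa fa-times"></i></button>';
            }
        });

        $(element).popover('show');

        $('#button-image').on('click', function() {
            $('#modal-image').remove();

            // Both ids go into the query string, so encode them (a missing id
            // becomes '' instead of the string "undefined"); the server
            // validates them again before echoing them back.
            var target = $(element).parent().find('input').attr('id') || '';
            var thumb = $(element).attr('id') || '';

            $.ajax({
                url: base_url + 'admin/common/filemanager?target=' + encodeURIComponent(target) + '&thumb=' + encodeURIComponent(thumb),
                dataType: 'html',
                beforeSend: function() {
                    $('#button-image i').replaceWith('<i class="fa fa-circle-o-notch fa-spin"></i>');
                    $('#button-image').prop('disabled', true);
                },
                complete: function() {
                    $('#button-image i').replaceWith('<i class="fa fa-pencil"></i>');
                    $('#button-image').prop('disabled', false);
                },
                success: function(html) {
                    // The response is markup rendered by our own admin endpoint;
                    // that endpoint must escape user-controlled values before
                    // anything is inserted here.
                    $('body').append('<div id="modal-image" class="modal">' + html + '</div>');

                    $('#modal-image').modal('show');
                },
                error: function(xhr, status, err) {
                    // Previously a failed request left the button restored but
                    // gave no feedback at all.
                    console.error('Could not load the file manager: ' + status + (err ? ' - ' + err : ''));
                }
            });

            $(element).popover('hide', function() {
                $('.popover').remove();
            });
        });
    });
});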

https://en.wikipedia.org/wiki/Directory_traversal_attack

https://www.codeigniter.com/user_guide/l...e_filename

The application looks nice Smile

#3
Where would be the best place to use this in my code?


// Strip traversal sequences from the posted file name with CodeIgniter's
// sanitize_filename(); the TRUE argument keeps directory separators intact.
$posted_filename = $this->input->post('filename');
$filename = $this->security->sanitize_filename($posted_filename, TRUE);
There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!



