From 6fc582c121b04e98d97c944261ee3be2e60f6517 Mon Sep 17 00:00:00 2001 From: tolanych Date: Sat, 9 Feb 2019 23:11:41 +0300 Subject: [PATCH 1/5] fix impossibility remove file with two dots --- core/model/modx/processors/browser/file/create.class.php | 2 +- core/model/modx/processors/browser/file/remove.class.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/core/model/modx/processors/browser/file/create.class.php b/core/model/modx/processors/browser/file/create.class.php index 9226928ac08..e285db26f04 100644 --- a/core/model/modx/processors/browser/file/create.class.php +++ b/core/model/modx/processors/browser/file/create.class.php @@ -33,7 +33,7 @@ public function process() { $directory = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($directory))),'/'); $name = $this->getProperty('name'); - $name = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($name))),'/'); + $name = ltrim(strip_tags(htmlspecialchars($name)),'/'); $loaded = $this->getSource(); if (!($this->source instanceof modMediaSource)) { diff --git a/core/model/modx/processors/browser/file/remove.class.php b/core/model/modx/processors/browser/file/remove.class.php index dd1de35b676..b0e0715c104 100644 --- a/core/model/modx/processors/browser/file/remove.class.php +++ b/core/model/modx/processors/browser/file/remove.class.php @@ -33,7 +33,9 @@ public function process() { if (empty($file)) { return $this->modx->error->failure($this->modx->lexicon('file_err_ns')); } - $file = preg_replace('/[\.]{2,}/', '', $file); + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($file, PATHINFO_DIRNAME))); + $name = htmlspecialchars(pathinfo($file, PATHINFO_BASENAME)); + $path = $directory.$name; $loaded = $this->getSource(); if (!($this->source instanceof modMediaSource)) { From d6c4cc9cea80d3efd19c5e9373d77b8c37101707 Mon Sep 17 00:00:00 2001 From: tolanych Date: Sun, 10 Feb 2019 01:04:19 +0300 Subject: [PATCH 2/5] fix remove and for unicode symbols --- core/model/modx/processors/browser/file/remove.class.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/core/model/modx/processors/browser/file/remove.class.php b/core/model/modx/processors/browser/file/remove.class.php index b0e0715c104..c610d78e903 100644 --- a/core/model/modx/processors/browser/file/remove.class.php +++ b/core/model/modx/processors/browser/file/remove.class.php @@ -34,7 +34,10 @@ public function process() { return $this->modx->error->failure($this->modx->lexicon('file_err_ns')); } $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($file, PATHINFO_DIRNAME))); - $name = htmlspecialchars(pathinfo($file, PATHINFO_BASENAME)); + if (!empty($directory)) { + $directory .= DIRECTORY_SEPARATOR; + } + $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $file ))); $path = $directory.$name; $loaded = $this->getSource(); @@ -44,7 +47,7 @@ public function process() { if (!$this->source->checkPolicy('remove')) { return $this->failure($this->modx->lexicon('permission_denied')); } - $success = $this->source->removeObject($file); + $success = $this->source->removeObject($path); if (empty($success)) { $errors = $this->source->getErrors(); From f58fcf8904918f7d2d0c7657790bd51fc9df1bd5 Mon Sep 17 00:00:00 2001 From: tolanych Date: Sun, 10 Feb 2019 01:08:56 +0300 Subject: [PATCH 3/5] fix rename file with two dots --- .../processors/browser/file/rename.class.php | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/core/model/modx/processors/browser/file/rename.class.php b/core/model/modx/processors/browser/file/rename.class.php index 98e7ce5f68f..e6894a0da44 100644 --- a/core/model/modx/processors/browser/file/rename.class.php +++ b/core/model/modx/processors/browser/file/rename.class.php @@ -40,10 +40,21 @@ public function process() { } $oldFile = $this->getProperty('path'); - $oldFile = preg_replace('/[\.]{2,}/', '', htmlspecialchars($oldFile)); - $name = $this->getProperty('name'); - $name = preg_replace('/[\.]{2,}/', '', htmlspecialchars($name)); - $success = $this->source->renameObject($oldFile, $name); + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($oldFile, PATHINFO_DIRNAME))); + if (!empty($directory)) { + $directory .= DIRECTORY_SEPARATOR; + } + $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $oldFile ))); + $oldFile = $directory.$name; + + $newFile = $this->getProperty('name'); + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($newFile, PATHINFO_DIRNAME))); + if (!empty($directory)) { + $directory .= DIRECTORY_SEPARATOR; + } + $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $newFile ))); + $newFile = $directory.$name; + $success = $this->source->renameObject($oldFile, $newFile); if (empty($success)) { $msg = ''; From aad01d99d61a886e51b4f6e8d1b8ebcd400c50b4 Mon Sep 17 00:00:00 2001 From: tolanych Date: Mon, 11 Feb 2019 22:51:32 +0300 Subject: [PATCH 4/5] fix locale filepath --- .../processors/browser/file/remove.class.php | 13 ++++++----- .../processors/browser/file/rename.class.php | 23 +++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/core/model/modx/processors/browser/file/remove.class.php b/core/model/modx/processors/browser/file/remove.class.php index c610d78e903..987d52c49ca 100644 --- a/core/model/modx/processors/browser/file/remove.class.php +++ b/core/model/modx/processors/browser/file/remove.class.php @@ -33,12 +33,13 @@ public function process() { if (empty($file)) { return $this->modx->error->failure($this->modx->lexicon('file_err_ns')); } - $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($file, PATHINFO_DIRNAME))); - if (!empty($directory)) { - $directory .= DIRECTORY_SEPARATOR; - } - $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $file ))); - $path = $directory.$name; + $oldlocale = setlocale(LC_ALL, 0); + setlocale(LC_ALL,'C.UTF-8'); + $pathinfo = pathinfo($file); + setlocale(LC_ALL,$oldlocale); + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); + $name = htmlspecialchars($pathinfo['basename']); + $path = $directory.DIRECTORY_SEPARATOR.$name; $loaded = $this->getSource(); if (!($this->source instanceof modMediaSource)) { diff --git a/core/model/modx/processors/browser/file/rename.class.php b/core/model/modx/processors/browser/file/rename.class.php index e6894a0da44..4179c0c292e 100644 --- a/core/model/modx/processors/browser/file/rename.class.php +++ b/core/model/modx/processors/browser/file/rename.class.php @@ -40,20 +40,19 @@ public function process() { } $oldFile = $this->getProperty('path'); - $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($oldFile, PATHINFO_DIRNAME))); - if (!empty($directory)) { - $directory .= DIRECTORY_SEPARATOR; - } - $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $oldFile ))); - $oldFile = $directory.$name; + $oldlocale = setlocale(LC_ALL, 0); + setlocale(LC_ALL,'C.UTF-8'); + $pathinfo = pathinfo($oldFile); + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); + $name = htmlspecialchars($pathinfo['basename']); + $oldFile = $directory.DIRECTORY_SEPARATOR.$name; $newFile = $this->getProperty('name'); - $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($newFile, PATHINFO_DIRNAME))); - if (!empty($directory)) { - $directory .= DIRECTORY_SEPARATOR; - } - $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $newFile ))); - $newFile = $directory.$name; + $pathinfo = pathinfo($newFile); + $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); + $name = htmlspecialchars($pathinfo['basename']); + $newFile = $directory.DIRECTORY_SEPARATOR.$name; + setlocale(LC_ALL,$oldlocale); $success = $this->source->renameObject($oldFile, $newFile); if (empty($success)) { From bc6261ffbbe12aeace60ae3811354c0d8a8fb203 Mon Sep 17 00:00:00 2001 From: tolanych Date: Thu, 26 Sep 2019 13:58:11 +0300 Subject: [PATCH 5/5] =?UTF-8?q?add=20log=20notify=20about=20trouble=20with?= =?UTF-8?q?=20ENV=20encoding=20=D0=BD=D0=B0=D1=87=D0=B8=D0=BD=D0=B0=D1=8E?= =?UTF-8?q?=D1=89=D0=B8=D0=B5=D1=81=D1=8F=20=D1=81=20=C2=AB#=C2=BB=20?= =?UTF-8?q?=D0=B1=D1=83=D0=B4=D1=83=D1=82=20=D0=BF=D1=80=D0=BE=D0=B8=D0=B3?= =?UTF-8?q?=D0=BD=D0=BE=D1=80=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D1=8B,?= =?UTF-8?q?=20=D0=B0=20=D0=BF=D1=83=D1=81=D1=82=D0=BE=D0=B5=20=D1=81=D0=BE?= =?UTF-8?q?=D0=BE=D0=B1=D1=89=D0=B5=D0=BD=D0=B8=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/model/modx/processors/browser/file/remove.class.php | 6 +++--- core/model/modx/processors/browser/file/rename.class.php | 9 ++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/core/model/modx/processors/browser/file/remove.class.php b/core/model/modx/processors/browser/file/remove.class.php index 987d52c49ca..7d8ed3f20f7 100644 --- a/core/model/modx/processors/browser/file/remove.class.php +++ b/core/model/modx/processors/browser/file/remove.class.php @@ -33,10 +33,10 @@ public function process() { if (empty($file)) { return $this->modx->error->failure($this->modx->lexicon('file_err_ns')); } - $oldlocale = setlocale(LC_ALL, 0); - setlocale(LC_ALL,'C.UTF-8'); $pathinfo = pathinfo($file); - setlocale(LC_ALL,$oldlocale); + if ($pathinfo['dirname'].DIRECTORY_SEPARATOR.$pathinfo['basename'] != $file) { + $this->modx->log (modX::LOG_LEVEL_ERROR, 'Could not prepare the filepath ' . $file . '. Please set a valid UTF8 capable locale in the MODX system setting "locale".'); + } $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); $name = htmlspecialchars($pathinfo['basename']); $path = $directory.DIRECTORY_SEPARATOR.$name; diff --git a/core/model/modx/processors/browser/file/rename.class.php b/core/model/modx/processors/browser/file/rename.class.php index 4179c0c292e..58909690b9a 100644 --- a/core/model/modx/processors/browser/file/rename.class.php +++ b/core/model/modx/processors/browser/file/rename.class.php @@ -40,19 +40,22 @@ public function process() { } $oldFile = $this->getProperty('path'); - $oldlocale = setlocale(LC_ALL, 0); - setlocale(LC_ALL,'C.UTF-8'); $pathinfo = pathinfo($oldFile); + if ($pathinfo['dirname'].DIRECTORY_SEPARATOR.$pathinfo['basename'] != $oldFile) { + $this->modx->log (modX::LOG_LEVEL_ERROR, 'Could not prepare the filepath ' . $oldFile . '. Please set a valid UTF8 capable locale in the MODX system setting "locale".'); + } $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); $name = htmlspecialchars($pathinfo['basename']); $oldFile = $directory.DIRECTORY_SEPARATOR.$name; $newFile = $this->getProperty('name'); $pathinfo = pathinfo($newFile); + if ($pathinfo['basename'] != $newFile) { + $this->modx->log (modX::LOG_LEVEL_ERROR, 'Could not prepare the filepath ' . $newFile . '. Please set a valid UTF8 capable locale in the MODX system setting "locale".'); + } $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars($pathinfo['dirname'])); $name = htmlspecialchars($pathinfo['basename']); $newFile = $directory.DIRECTORY_SEPARATOR.$name; - setlocale(LC_ALL,$oldlocale); $success = $this->source->renameObject($oldFile, $newFile); if (empty($success)) {