From 6159edcebbcb1c230113e18788a676035979a4c8 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Mon, 1 Feb 2010 08:48:31 -0800
Subject: Improve name validation checks on local File references

---
 classes/File.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'classes')

diff --git a/classes/File.php b/classes/File.php
index c527c4ffe..6dd9e0c06 100644
--- a/classes/File.php
+++ b/classes/File.php
@@ -176,8 +176,22 @@ class File extends Memcached_DataObject
         return "$nickname-$datestamp-$random.$ext";
     }
 
+    /**
+     * Validation for as-saved base filenames
+     */
+    static function validFilename($filename)
+    {
+        return preg_match('^/[A-Za-z0-9._-]+$/', $filename);
+    }
+
+    /**
+     * @throws ClientException on invalid filename
+     */
     static function path($filename)
     {
+        if (!self::validFilename($filename)) {
+            throw new ClientException("Invalid filename");
+        }
         $dir = common_config('attachments', 'dir');
 
         if ($dir[strlen($dir)-1] != '/') {
@@ -189,6 +203,9 @@ class File extends Memcached_DataObject
 
     static function url($filename)
     {
+        if (!self::validFilename($filename)) {
+            throw new ClientException("Invalid filename");
+        }
         if(common_config('site','private')) {
 
             return common_local_url('getfile',
-- 
cgit v1.2.3-54-g00ecf