TheCloneArmy/crater
1
0
Fork 1
mirror of https://github.com/crater-invoice/crater.git synced 2025-10-31 05:31:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Unrestricted php file upload fix (#681)

Browse Source 
https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/
This commit is contained in:
theWorstComrade
2021-12-29 13:33:20 +01:00
committed by GitHub
parent c9d0a63854
commit cdc913d16c
7 changed files with 176 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
app/Rules/Base64Mime.php Normal file
View File

@ -0,0 +1,85 @@
<?php
namespace Crater\Rules;
use Illuminate\Contracts\Validation\Rule;
class Base64Mime implements Rule
{
private $attribute;
private $extensions;
/**
* Create a new rule instance.
*
* @return void
*/
public function __construct(array $extensions)
{
$this->extensions = $extensions;
}
/**
* Determine if the validation rule passes.
*
* @param string $attribute
* @param mixed $value
* @return bool
*/
public function passes($attribute, $value)
{
$this->attribute = $attribute;
try {
$data = json_decode($value)->data;
} catch (\Exception $e) {
return False;
}
$pattern = '/^data:\w+\/[\w\+]+;base64,[\w\+\=\/]+$/';
if(!preg_match($pattern, $data)) {
return False;
}
$data = explode(',', $data);
if(!isset($data[1]) || empty($data[1])) {
return False;
}
try {
$data = base64_decode($data[1]);
$f = finfo_open();
$result = finfo_buffer($f, $data, FILEINFO_EXTENSION);
if($result === '???')
return False;
if(strpos($result, '/')) {
foreach(explode('/', $result) as $ext) {
if(in_array($ext, $this->extensions))
return True;
}
} else {
if(in_array($result, $this->extensions))
return True;
}
} catch (\Exception $e) {
return False;
}
return False;
}
/**
* Get the validation error message.
*
* @return string
*/
public function message()
{
return 'The ' . $this->attribute . ' must be a json with file of type: ' . implode(', ', $this->extensions) . ' encoded in base64.';
}
}