Closed papppeter closed 5 months ago
d00p
commented
5 months ago Can reproduce yes, if the link does not have an absolute path as target, the php function readlink() only outputs the directory name, need to make this relative to the folder where the link is in if not an absolute path
d00p
commented
5 months ago Can you validate that the following patch solves the issue?
diff --git a/lib/Froxlor/FileDir.php b/lib/Froxlor/FileDir.php
index acb8fb9a..0b3b529a 100644
--- a/lib/Froxlor/FileDir.php
+++ b/lib/Froxlor/FileDir.php
@@ -140,6 +140,12 @@ class FileDir
if (is_link($check_dir)) {
$original_target = $check_dir;
$check_dir = readlink($check_dir);
+ $link_dir = dirname($original_target);
+ // check whether the link is relative or absolute
+ if (substr($check_dir, 0, 1) != '/') {
+ // relative directory, prepend link_dir
+ $check_dir = $link_dir . '/' . $check_dir;
+ }
if (substr($check_dir, 0, strlen($fixed_homedir)) != $fixed_homedir) {
throw new Exception("Found symlink pointing outside of customer home directory: " . substr($original_target, strlen($fixed_homedir)));
}
papppeter
commented
5 months ago save is working with the changes
papppeter
commented
5 months ago @d00p that was quick! thanks
Describe the bug If i try to save a domain setup, where path is pointing to symlink, found symlink pointing outside of customer home directory decision is made without prefixing it with customer directory.
System information
To Reproduce Steps to reproduce the behavior: