Support for symlink folders

sixem / ivfi-php

IVFi is a directory indexer that aims to make it easy to browse and explore web-accessible directories.

https://git.five.sh/ivfi/

Other

108 stars 18 forks source link

Support for symlink folders #3

Closed camjac251 closed 4 years ago

camjac251 commented 4 years ago

Is it possible to use this script with symlinked folders? I get this error when trying to enter a folder /directory/to/folder/symlink that is linked to /directory/to/mount/FOLDER/foldername. Although symlink and foldername are the same foldername on disk. In this example it's just to hopefully clarify which is which.

 Fatal error: Uncaught Exception: requested path is below the public working directory. in /directory/to/folder/symlink/indexer.php:89 Stack trace: #0 /directory/to/folder/symlink/indexer.php(396): Indexer->__construct('/symlink/', Array) #1 {main} thrown in /directory/to/folder/symlink/indexer.php on line 89

sixem commented 4 years ago

I've created a fix for this here #4.

Basically, the script would use realpath to check if the current folder was above the directory of the indexer.php, this is an attempt to avoid backwards directory traversal.

Problem is that the realpath also returns the real path of any symbolic links. I tried using is_link which would work for the directory but not any subdirectories inside of it.

So, instead i added a path_checking option, which when set to weak will check if the directory is a symbolic link, if it isn't, then it'll use a similar function to realpath that just works with strings instead of actual file paths, thus not resolving the symbolic link.

Let me know if it works for you.

camjac251 commented 4 years ago

It didn't work for me sadly. I double checked to make sure I had the right code downloaded too

I noticed a mistake I made with obfuscating the paths in the last code snippet so hopefully this one is less confusing. I have a base folder as the root in nginx, and inside that are symlinked folders Fatal error: Uncaught Exception: requested path (is_dir) is below the public working directory. (1) in /directory/to/folder/userfolder/indexer.php:92 Stack trace: #0 /directory/to/folder/userfolder/indexer.php(441): Indexer->__construct('/symlinkedfolder/', Array) #1 {main} thrown in /directory/to/folder/userfolder/indexer.php on line 92

sixem commented 4 years ago

Did you remember to set the path_checking option to weak after updating the code? That error code tells me that it was still set to strict.

camjac251 commented 4 years ago

I completely missed that part. I should have read it closer. setting it to weak and it works flawlessly. Thank you very much.