abbodi1406/api
1
0
Fork 0
forked from uup-dump/api
Code Pull Requests Activity

Fix potential path traversal vulnerabilities

Browse Source
This commit is contained in:
Kaenbyou Rin
2025-09-20 00:20:02 +02:00
parent 84a149c044
commit 887dcf71d3
3 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
shared/fileinfo.php
View File

@@ -31,6 +31,9 @@ function uupApiGetFileinfoDirs() {
}
function uupApiGetFileinfoName($updateId, $meta = false) {
if(!uupApiCheckUpdateId($updateId))
return null;
$fileName = $updateId.'.json';
$dirs = uupApiGetFileinfoDirs();
@@ -41,7 +44,12 @@ function uupApiGetFileinfoName($updateId, $meta = false) {
}
function uupApiFileInfoExists($updateId) {
return file_exists(uupApiGetFileinfoName($updateId));
$name = uupApiGetFileinfoName($updateId);
if($name === null)
return false;
return file_exists($name);
}
function uupApiWriteFileinfoMeta($updateId, $info) {
@@ -49,12 +57,19 @@ function uupApiWriteFileinfoMeta($updateId, $info) {
unset($info['files']);
$file = uupApiGetFileinfoName($updateId, true);
if($file === null)
return false;
return uupApiWriteJson($file, $info);
}
function uupApiWriteFileinfo($updateId, $info) {
$file = uupApiGetFileinfoName($updateId);
if($file === null)
return false;
if(uupApiWriteJson($file, $info) === false)
return false;
@@ -64,10 +79,14 @@ function uupApiWriteFileinfo($updateId, $info) {
function uupApiReadFileinfoMeta($updateId) {
$file = uupApiGetFileinfoName($updateId, true);
if($file === null)
return false;
if(file_exists($file))
return uupApiReadJson($file);
$info = uupApiReadFileinfo($updateId, false);
if($info === false)
return false;
@@ -88,6 +107,10 @@ function uupApiReadFileinfo($updateId, $meta = false) {
return uupApiReadFileinfoMeta($updateId);
$file = uupApiGetFileinfoName($updateId);
if($file === null)
return false;
$info = uupApiReadJson($file);
return $info;

15
shared/packs.php
View File

@@ -16,6 +16,7 @@ limitations under the License.
*/
require_once dirname(__FILE__).'/../listid.php';
require_once dirname(__FILE__).'/utils.php';
function uupGetInfoTexts() {
$fancyLangNames = array(
@@ -204,11 +205,19 @@ function uupGetInfoTexts() {
}
function uupApiGetPacks($updateId) {
if(empty($updateId)) return [];
if(!file_exists('packs/'.$updateId.'.json.gz')) return [];
if(empty($updateId))
return [];
if(!uupApiCheckUpdateId($updateId))
return [];
if(!file_exists('packs/'.$updateId.'.json.gz'))
return [];
$genPack = @gzdecode(@file_get_contents('packs/'.$updateId.'.json.gz'));
if(empty($genPack)) return [];
if(empty($genPack))
return [];
$genPack = json_decode($genPack, 1);
return $genPack;

2
shared/utils.php
View File

@@ -19,7 +19,7 @@ function uupApiPrintBrand() {
global $uupApiBrandPrinted;
if(!isset($uupApiBrandPrinted)) {
consoleLogger('UUP dump API v'.uupApiVersion());
consoleLogger('UUP dump API');
$uupApiBrandPrinted = 1;
}
}