Fix potential path traversal vulnerabilities

Add br_release
Remove unnecessary parameters
2025-09-20 00:20:02 +02:00 · 2025-08-30 14:23:24 +02:00 · 2025-08-30 00:04:22 +02:00 · 2025-08-29 21:45:15 +02:00 · 2025-03-28 13:41:39 +01:00 · 2025-03-28 13:22:59 +01:00
7 changed files with 69 additions and 11 deletions
--- a/fetchupd.php
+++ b/fetchupd.php
@@ -50,8 +50,12 @@ function uupApiPrivateGetLatestBuild() {
    return $build;
 }
-function uupApiPrivateGetAcceptableBranches() {
+function uupApiPrivateIsAcceptableBranch($branch) {
-    return [
+    if(!uupApiConfigIsTrue('production_mode')) {
        return true;
    }
    $branches = [
        'auto',
        'rs2_release',
        'rs3_release',
@@ -66,8 +70,12 @@ function uupApiPrivateGetAcceptableBranches() {
        'ni_release',
        'zn_release',
        'ge_release',
        'br_release',
        'ge_prerelease',
        'rs_prerelease',
    ];
    return in_array($branch, $branches);
 }
 function uupApiPrivateNormalizeFetchParams($params) {
@@ -173,7 +181,7 @@ function uupFetchUpd2($params, $cacheRequests = 0) {
        return array('error' => 'ILLEGAL_MINOR');
    }
-    if(!in_array($branch, uupApiPrivateGetAcceptableBranches()))
+    if(!uupApiPrivateIsAcceptableBranch($branch))
        $branch = 'auto';
    if($ring == 'DEV') $ring = 'WIF';
--- a/shared/cache.php
+++ b/shared/cache.php
@@ -35,6 +35,10 @@ class UupDumpCache {
    }
    public function get() {
        if(!uupApiConfigIsTrue('production_mode')) {
            return false;
        }
        $cacheFile = $this->cacheFile;
        if(!file_exists($cacheFile)) {
@@ -58,6 +62,10 @@ class UupDumpCache {
    }
    public function put($content, $validity) {
        if(!uupApiConfigIsTrue('production_mode')) {
            return false;
        }
        $cacheFile = $this->cacheFile;
        $expires = $validity ? time() + $validity : false;
--- a/shared/fileinfo.php
+++ b/shared/fileinfo.php
@@ -31,6 +31,9 @@ function uupApiGetFileinfoDirs() {
 }
 function uupApiGetFileinfoName($updateId, $meta = false) {
    if(!uupApiCheckUpdateId($updateId))
        return null;
    $fileName = $updateId.'.json';
    $dirs = uupApiGetFileinfoDirs();
@@ -41,7 +44,12 @@ function uupApiGetFileinfoName($updateId, $meta = false) {
 }
 function uupApiFileInfoExists($updateId) {
-    return file_exists(uupApiGetFileinfoName($updateId));
+    $name = uupApiGetFileinfoName($updateId);
    if($name === null)
        return false;
    return file_exists($name);
 }
 function uupApiWriteFileinfoMeta($updateId, $info) {
@@ -49,12 +57,19 @@ function uupApiWriteFileinfoMeta($updateId, $info) {
        unset($info['files']);
    $file = uupApiGetFileinfoName($updateId, true);
    if($file === null)
        return false;
    return uupApiWriteJson($file, $info);
 }
 function uupApiWriteFileinfo($updateId, $info) {
    $file = uupApiGetFileinfoName($updateId);
    if($file === null)
        return false;
    if(uupApiWriteJson($file, $info) === false)
        return false;
@@ -64,10 +79,14 @@ function uupApiWriteFileinfo($updateId, $info) {
 function uupApiReadFileinfoMeta($updateId) {
    $file = uupApiGetFileinfoName($updateId, true);
    if($file === null)
        return false;
    if(file_exists($file))
        return uupApiReadJson($file);
    $info = uupApiReadFileinfo($updateId, false);
    if($info === false)
        return false;
@@ -88,6 +107,10 @@ function uupApiReadFileinfo($updateId, $meta = false) {
        return uupApiReadFileinfoMeta($updateId);
    $file = uupApiGetFileinfoName($updateId);
    if($file === null)
        return false;
    $info = uupApiReadJson($file);
    return $info;
--- a/shared/main.php
+++ b/shared/main.php
@@ -16,7 +16,7 @@ limitations under the License.
 */
 function uupApiVersion() {
-    return '1.48.0';
+    return "I can't be bothered to update the version; use commit hash.";
 }
 require_once dirname(__FILE__).'/auths.php';
--- a/shared/packs.php
+++ b/shared/packs.php
@@ -16,6 +16,7 @@ limitations under the License.
 */
 require_once dirname(__FILE__).'/../listid.php';
 require_once dirname(__FILE__).'/utils.php';
 function uupGetInfoTexts() {
    $fancyLangNames = array(
@@ -204,11 +205,19 @@ function uupGetInfoTexts() {
 }
 function uupApiGetPacks($updateId) {
-    if(empty($updateId)) return [];
+    if(empty($updateId)) 
-    if(!file_exists('packs/'.$updateId.'.json.gz')) return [];
+        return [];
    if(!uupApiCheckUpdateId($updateId))
        return [];
    if(!file_exists('packs/'.$updateId.'.json.gz')) 
        return [];
    $genPack = @gzdecode(@file_get_contents('packs/'.$updateId.'.json.gz'));
-    if(empty($genPack)) return [];
+
    if(empty($genPack)) 
        return [];
    $genPack = json_decode($genPack, 1);
    return $genPack;
--- a/shared/requests.php
+++ b/shared/requests.php
@@ -124,6 +124,7 @@ function composeDeviceAttributes($flight, $ring, $build, $arch, $sku, $type, $fl
        'BranchReadinessLevel=CB',
        'CIOptin=1',
        'CurrentBranch='.$branch,
        'DataExpDateEpoch_GE25H2='.(time()+82800),
        'DataExpDateEpoch_GE24H2='.(time()+82800),
        'DataExpDateEpoch_GE24H2Setup='.(time()+82800),
        'DataExpDateEpoch_CU23H2='.(time()+82800),
@@ -148,6 +149,7 @@ function composeDeviceAttributes($flight, $ring, $build, $arch, $sku, $type, $fl
        //'FlightContent='.$fltContent,
        'FlightRing='.$fltRing,
        'Free=gt64',
        'GStatus_GE25H2=2',
        'GStatus_GE24H2=2',
        'GStatus_GE24H2Setup=2',
        'GStatus_CU23H2=2',
@@ -211,6 +213,7 @@ function composeDeviceAttributes($flight, $ring, $build, $arch, $sku, $type, $fl
        'TPMVersion=2',
        'UpdateManagementGroup=2',
        'UpdateOfferedDays=0',
        'UpgEx_GE25H2=Green',
        'UpgEx_GE24H2Setup=Green',
        'UpgEx_GE24H2=Green',
        'UpgEx_CU23H2=Green',
@@ -298,6 +301,7 @@ function branchFromBuild($build) {
        case 22621:
        case 22631:
        case 22635:
            $branch = 'ni_release';
            break;
@@ -306,6 +310,8 @@ function branchFromBuild($build) {
            break;
        case 26100:
        case 26120:
        case 26200:
            $branch = 'ge_release';
            break;
--- a/shared/utils.php
+++ b/shared/utils.php
@@ -19,7 +19,7 @@ function uupApiPrintBrand() {
    global $uupApiBrandPrinted;
    if(!isset($uupApiBrandPrinted)) {
-        consoleLogger('UUP dump API v'.uupApiVersion());
+        consoleLogger('UUP dump API');
        $uupApiBrandPrinted = 1;
    }
 }
@@ -64,8 +64,12 @@ function sendWuPostRequestInternal($url, $postData, $saveCookie = true) {
    curl_setopt($req, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($req, CURLOPT_ENCODING, '');
    curl_setopt($req, CURLOPT_POSTFIELDS, $postData);
    if(uupApiConfigIsTrue('production_mode')) { 
        curl_setopt($req, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($req, CURLOPT_TIMEOUT, 15);
    }
    curl_setopt($req, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($req, CURLOPT_HTTPHEADER, array(
        'User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.50',
Author	SHA1	Message	Date
orin	887dcf71d3	Fix potential path traversal vulnerabilities	2025-09-20 00:20:02 +02:00
orin	84a149c044	Add br_release	2025-08-30 14:23:24 +02:00
orin	2d2321b21c	Remove unnecessary parameters	2025-08-30 00:04:22 +02:00
orin	5bed3a028a	Add 25H2	2025-08-29 21:45:15 +02:00
orin	37cefa11c6	1.49.0	2025-03-28 13:41:39 +01:00
orin	862d157672	Update branch builds	2025-03-28 13:22:59 +01:00
orin	e433df62cf	Add ge_prerelease as acceptable	2025-03-28 12:49:48 +01:00
orin	1933521e0d	Disable some safety features in the development mode	2025-03-28 12:48:59 +01:00