

security fixes
seguinleo authored Oct 14, 2023
1 parent 8ab807e commit 3b2b5be
Showing 2 changed files with 86 additions and 83 deletions.
11 changes: 7 additions & 4 deletions src/assets/php/privateNote.php
Expand Up @@ -29,9 +29,12 @@
return;
}

$directoryPath = realpath('../../share/' . $noteLink);
if (file_exists($directoryPath)) {
array_map('unlink', glob("$directoryPath/*"));
$directoryPath = '../../share/' . $noteLink;
if (is_dir($directoryPath)) {
$files = glob($directoryPath . '/*.*');
foreach ($files as $file) {
unlink($file);
}
if (rmdir($directoryPath)) {

Check failure on line 38 in src/assets/php/privateNote.php


GitHub Actions / php-security

TaintedFile

src/assets/php/privateNote.php:38:15: TaintedFile: Detected tainted file handling (see https://psalm.dev/255)
http_response_code(200);
return;
Expand All @@ -40,6 +43,6 @@
return;
}
} else {
http_response_code(500);
http_response_code(404);
return;
}
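Review bot: The path at `$directoryPath = '../../share/' . $noteLink;` is still built from `$noteLink` without validating its shape, so a value containing a path separator or `..` selects a directory outside `share/` for the `unlink()`/`rmdir()` that follow; swapping `realpath()`/`file_exists()` for `is_dir()` does not change that, which is what the TaintedFile annotation on line 38 is reporting. Reject anything outside the expected link alphabet before building the path, e.g. `if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $noteLink)) { http_response_code(400); return; }` (constructed example — adjust the character class to however links are generated), and additionally check that `realpath($directoryPath)` starts with `realpath('../../share') . DIRECTORY_SEPARATOR` before deleting anything. The same applies to `$directoryPath = '../../share/' . $noteLink;` in publicNote.php, where `htmlspecialchars()` escapes HTML metacharacters but leaves `/` and `.` intact. `glob()` can also return `false`, which the `foreach` would warn on; `glob($directoryPath . '/*.*') ?: []` avoids that. The code that assigns `$noteLink` is above this hunk.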
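--- a/src/assets/php/publicNote.php
+++ b/src/assets/php/publicNote.php
@@ -1,79 +1,79 @@
-<?php
-session_name('__Secure-notes');
-session_start();
-
-if (isset($_SESSION['nom'], $_SESSION['userId'], $_POST['noteId']) === false) {
-http_response_code(403);
-return;
-}
-
-require_once __DIR__ . '/config/config.php';
-
-$nom = $_SESSION['nom'];
-$noteId = $_POST['noteId'];
-$noteLink = $_POST['noteLink'];
-$key = $_SESSION['key'];
-$title = $_POST['title'];
-$desc = $_POST['desc'];
-
-try {
-$query = $PDO->prepare("UPDATE notes SET link=:NoteLink, clearTitle=:ClearTitle, clearContent=:ClearContent WHERE id=:NoteId AND user=:CurrentUser AND link IS NULL");
-$query->execute(
-[
-':NoteLink' => $noteLink,
-':NoteId' => $noteId,
-':CurrentUser' => $nom,
-':ClearTitle' => $title,
-':ClearContent' => $desc
-]
-);
-$query->closeCursor();
-$PDO = null;
-} catch (Exception $e) {
-http_response_code(500);
-return;
-}
-
-$directoryPath = '../../share/' . $noteLink;
-if (!file_exists($directoryPath)) {
-if (mkdir($directoryPath, 0755, true)) {
-$index = fopen($directoryPath . '/index.php', 'w');
-$indexContent =
-<<<EOT
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<meta name="robots" content="noindex, nofollow">
-<title>Bloc-notes &#8211; Léo SEGUIN</title>
-<link rel="shortcut icon" href="../../favicon.ico" type="image/x-icon">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<meta name="theme-color" content="#272727" id="themecolor">
-<meta name="apple-mobile-web-app-capable" content="yes">
-<meta name="apple-mobile-web-app-status-bar-style" content="#272727">
-<link rel="stylesheet" href="../stylePublic.css">
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css">
-</head>
-<body>
-<main data-link="%s"></main>
-<footer>
-<a href="../../" target="_blank" rel="noreferrer" aria-label="Vers le site">
-Bloc-notes &#8211; Léo SEGUIN
-</a>
-<span class="license">GPL-3.0 &copy;<?= date('Y') ?></span>
-</footer>
-<script src="../../assets/js/showdown.min.js" defer></script>
-<script src="../scriptPublic.js" defer></script>
-</body>
-</html>
-EOT;
-$indexContent = sprintf($indexContent, $noteLink);
-fwrite($index, $indexContent);
-} else {
-http_response_code(403);
-return;
-}
-} else {
-http_response_code(500);
-return;
-}
+<?php
+session_name('__Secure-notes');
+session_start();
+
+if (isset($_SESSION['nom'], $_SESSION['userId'], $_POST['noteId'], $_POST['noteLink']) === false) {
+http_response_code(403);
+return;
+}
+
+require_once __DIR__ . '/config/config.php';
+
+$nom = $_SESSION['nom'];
+$noteId = $_POST['noteId'];
+$title = $_POST['title'];
+$desc = $_POST['desc'];
+$noteLink = htmlspecialchars($_POST['noteLink'], ENT_QUOTES);
+
+try {
+$query = $PDO->prepare("UPDATE notes SET link=:NoteLink, clearTitle=:ClearTitle, clearContent=:ClearContent WHERE id=:NoteId AND user=:CurrentUser AND link IS NULL");
+$query->execute(
+[
+':NoteLink' => $noteLink,
+':NoteId' => $noteId,
+':CurrentUser' => $nom,
+':ClearTitle' => $title,
+':ClearContent' => $desc
+]
+);
+$query->closeCursor();
+$PDO = null;
+} catch (Exception $e) {
+http_response_code(500);
+return;
+}
+
+$directoryPath = '../../share/' . $noteLink;
+if (is_dir($directoryPath) === false) {
+if (mkdir($directoryPath)) {
+$index = fopen($directoryPath . '/index.php', 'w');
+$indexContent =
+<<<EOT
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="robots" content="noindex, nofollow">
+<title>Bloc-notes &#8211; Léo SEGUIN</title>
+<link rel="shortcut icon" href="../../favicon.ico" type="image/x-icon">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="theme-color" content="#272727">
+<meta name="apple-mobile-web-app-capable" content="yes">
+<meta name="apple-mobile-web-app-status-bar-style" content="#272727">
+<link rel="stylesheet" href="../stylePublic.css">
+<link rel="stylesheet" href="/assets/fontawesome/css/all.min.css">
+</head>
+<body>
+<main data-link="%s"></main>
+<footer>
+<a href="../../" target="_blank" rel="noreferrer">
+Bloc-notes &#8211; Léo SEGUIN
+</a>
+GPL-3.0 &copy;<?= date('Y') ?>
+</footer>
+<script src="../../assets/js/showdown.min.js" defer></script>
+<script src="../scriptPublic.js" defer></script>
+</body>
+</html>
+EOT;
+$indexContent = sprintf($indexContent, $noteLink);
+fwrite($index, $indexContent);
+fclose($index);
+} else {
+http_response_code(403);
+return;
+}
+} else {
+http_response_code(500);
+return;
+}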
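Review bot: `$title = $_POST['title'];` and `$desc = $_POST['desc'];` are read without being part of the `isset()` guard at the top, so a request missing either key raises an undefined-index warning and binds null into `clearTitle`/`clearContent`; extend the guard to `isset($_SESSION['nom'], $_SESSION['userId'], $_POST['noteId'], $_POST['noteLink'], $_POST['title'], $_POST['desc'])`. `fopen($directoryPath . '/index.php', 'w')` can return `false` (permissions, a concurrent request), in which case the following `fwrite()`/`fclose()` emit warnings while the client still receives 200 — check the result, e.g. `if ($index === false) { http_response_code(500); return; }`. The UPDATE that sets `link` has already executed when `mkdir()` runs, so a failed directory creation returns 403 but leaves the row marked as shared with no share page behind it; creating the directory before the UPDATE, or clearing `link` on failure, would keep the two in step. The psalm TaintedFile findings on lines 38–39 (`mkdir`, `fopen`) remain because `htmlspecialchars()` does not constrain `$noteLink` to a safe filename.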

