diff --git a/autoload/Domain/Article/ArticleRepository.php b/autoload/Domain/Article/ArticleRepository.php index d432f95..bd1a360 100644 --- a/autoload/Domain/Article/ArticleRepository.php +++ b/autoload/Domain/Article/ArticleRepository.php @@ -318,9 +318,7 @@ class ArticleRepository if (is_array($results)) { foreach ($results as $row) { - if (file_exists('../' . $row['src'])) { - unlink('../' . $row['src']); - } + $this->safeUnlink($row['src']); } } @@ -337,9 +335,7 @@ class ArticleRepository if (is_array($results)) { foreach ($results as $row) { - if (file_exists('../' . $row['src'])) { - unlink('../' . $row['src']); - } + $this->safeUnlink($row['src']); } } @@ -819,9 +815,7 @@ class ArticleRepository $results = $this->db->select('pp_articles_files', '*', ['article_id' => null]); if (is_array($results)) { foreach ($results as $row) { - if (file_exists('../' . $row['src'])) { - unlink('../' . $row['src']); - } + $this->safeUnlink($row['src']); } } @@ -836,15 +830,29 @@ class ArticleRepository $results = $this->db->select('pp_articles_images', '*', ['article_id' => null]); if (is_array($results)) { foreach ($results as $row) { - if (file_exists('../' . $row['src'])) { - unlink('../' . $row['src']); - } + $this->safeUnlink($row['src']); } } $this->db->delete('pp_articles_images', ['article_id' => null]); } + /** + * Usuwa plik z dysku tylko jeśli ścieżka pozostaje wewnątrz katalogu upload/. + * Zapobiega path traversal przy danych z bazy. + */ + private function safeUnlink(string $src): void + { + $base = realpath('../upload'); + if (!$base) { + return; + } + $full = realpath('../' . ltrim($src, '/')); + if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) { + unlink($full); + } + } + /** * Pobiera artykuly opublikowane w podanym zakresie dat. */ diff --git a/autoload/Domain/Product/ProductRepository.php b/autoload/Domain/Product/ProductRepository.php index a538629..c546bd0 100644 --- a/autoload/Domain/Product/ProductRepository.php 
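Review bot: In the new `safeUnlink` (hunk `@@ -836,15 +830,29 @@`) every rejected path is dropped silently — a legacy `src` stored outside `upload/`, a symlink that `realpath` resolves elsewhere, or `realpath('../upload')` returning `false` because the process was started from a different working directory all leave the file on disk while the `pp_articles_images` row is deleted right after the loop, so orphans accumulate with no trace. The containment test itself is sound: `realpath` canonicalises `..` and symlinks before the prefix compare, the `DIRECTORY_SEPARATOR` suffix stops `upload-old/` from matching, and `is_file` keeps directories and specials out. I would log the skip and the unlink result, e.g. replace the `if` body with `if (!unlink($full)) { error_log("safeUnlink: unlink failed for {$full}"); }` and add an `else { error_log("safeUnlink: refused {$src}"); }` branch, and state in the docblock that paths outside `upload/` are ignored rather than deleted. The `'../'` anchor inherits the original's dependence on the CWD; if this cleanup is ever run from CLI/cron it may be safer to derive `$base` from `__DIR__` (I cannot see from here which directory `../` is meant to be relative to, so this is a suggestion to confirm).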
+++ b/autoload/Domain/Product/ProductRepository.php @@ -1601,9 +1601,7 @@ class ProductRepository $results = $this->db->select( 'pp_shop_products_files', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] ); if ( is_array( $results ) ) { foreach ( $results as $row ) { - if ( file_exists( '../' . $row['src'] ) ) { - unlink( '../' . $row['src'] ); - } + $this->safeUnlink( $row['src'] ); } } $this->db->delete( 'pp_shop_products_files', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] ); @@ -1614,9 +1612,7 @@ class ProductRepository $results = $this->db->select( 'pp_shop_products_images', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] ); if ( is_array( $results ) ) { foreach ( $results as $row ) { - if ( file_exists( '../' . $row['src'] ) ) { - unlink( '../' . $row['src'] ); - } + $this->safeUnlink( $row['src'] ); } } $this->db->delete( 'pp_shop_products_images', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] ); @@ -2125,14 +2121,28 @@ class ProductRepository $results = $this->db->select( 'pp_shop_products_images', '*', [ 'product_id' => null ] ); if ( is_array( $results ) ) { foreach ( $results as $row ) { - if ( file_exists( '../' . $row['src'] ) ) { - unlink( '../' . $row['src'] ); - } + $this->safeUnlink( $row['src'] ); } } $this->db->delete( 'pp_shop_products_images', [ 'product_id' => null ] ); } + /** + * Usuwa plik z dysku tylko jeśli ścieżka pozostaje wewnątrz katalogu upload/. + * Zapobiega path traversal przy danych z bazy. + */ + private function safeUnlink(string $src): void + { + $base = realpath('../upload'); + if (!$base) { + return; + } + $full = realpath('../' . ltrim($src, '/')); + if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) { + unlink($full); + } + } + /** * Oznacza plik do usunięcia. */ diff --git a/templates/articles/article-entry.php b/templates/articles/article-entry.php index a10b878..8e3c760 100644 --- a/templates/articles/article-entry.php 
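Review bot: The `safeUnlink` added in hunk `@@ -2125,14 +2121,28 @@` is a byte-for-byte copy of the one added to `ArticleRepository` in the same commit, and a path-containment rule is exactly the kind of logic that drifts when it lives in two places (a later fix to one copy leaves the other exploitable). Move it to one shared helper — the templates already reference `\Shared\Helpers\Helpers`, or a small storage class constructed with the upload base directory — and have both repositories call `Helpers::safeUnlink($row['src'])`. Two smaller points on the body: there is an unavoidable check-then-act window between `realpath`/`is_file` and `unlink`, which is fine for data coming from the DB but worth a one-line comment so nobody reuses it for request-supplied paths; and `strpos($full, $base . DIRECTORY_SEPARATOR) === 0` reads more clearly as `str_starts_with($full, $base . DIRECTORY_SEPARATOR)` if the project is on PHP 8 (the typed signature only proves 7.1+, so confirm before changing).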
+++ b/templates/articles/article-entry.php @@ -2,11 +2,12 @@
article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] );?> + article['language']['title'], ENT_QUOTES, 'UTF-8' ); $safeUrl = htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );?>

- article['language']['noindex'] ):?>rel="nofollow"> article['language']['title'];?> + article['language']['noindex'] ):?>rel="nofollow">

article['date_add'] ) );?>
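Review bot: `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` on the new `$safeTitle`/`$safeUrl` line returns an empty string whenever the input contains an invalid UTF-8 byte sequence, so a mis-encoded title would render as an empty link rather than escaped text; use `ENT_QUOTES | ENT_SUBSTITUTE` for both values so bad bytes become U+FFFD instead of blanking the output. Escaping `$url` covers the attribute context but not the URL scheme — `htmlspecialchars` does nothing against a `javascript:` value in `seo_link`, which is presumably admin-edited and therefore trusted, but if it can be set through any non-admin path it should be validated on write rather than here. Tags were stripped in this rendering, so I could not confirm the `href` lines themselves use `$safeUrl`.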
@@ -32,6 +33,6 @@ } ?>
- article['language']['noindex'] ):?>rel="nofollow"> + article['language']['noindex'] ):?>rel="nofollow">
\ No newline at end of file diff --git a/templates/articles/article-full.php b/templates/articles/article-full.php index 84d1b17..72e1036 100644 --- a/templates/articles/article-full.php +++ b/templates/articles/article-full.php @@ -8,24 +8,26 @@ $text = \front\Views\Articles::generateHeadersIds( $text ); $this -> article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] ); if ( $this -> article['show_title'] ) - echo '

' . $this -> article['language']['title'] . '

'; + echo '

' . htmlspecialchars( $this -> article['language']['title'], ENT_QUOTES, 'UTF-8' ) . '

'; if ( $this -> article['social_icons'] ): + $safeHost = htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8' ); + $safeUrl = htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' ); ?>
- + facebook - + pinterest - + twitter - + linkedin - + google+