unauthorised writing to folder below webroot
Posted: Wed Mar 30, 2011 1:11 am
Hi everybody,
I've got a security problem with a download folder below the webroot. This folder contains subfolders where customers get access to their purchased items after payment.
Somehow, somebody is able to write to this download folder and fill it up with empty subfolders.
Here is the code I am using to write the customers items to there subfolders.
Even checking the directory string I am getting things like
DJPdl_ Ans:ws or DJPdl_An
I've got a security problem with a download folder below the webroot. This folder contains subfolders where customers get access to their purchased items after payment.
Somehow, somebody is able to write to this download folder and fill it up with empty subfolders.
Here is the code I am using to write the customers items to there subfolders.
Code: Select all
function prepareDl($customerNo, $cart_items)
{
//directory definition from to
$prev = "../../";
$dir = DL_BASE."DJPdl_".substr($customerNo, 0,8);
$sourceDir = $prev.$dir."/";
$dlDir = $dir."/";
$baseDir = "../../content/album/source/";
//checking the directory string for valid characters and create if not already exists
if(!is_dir($dir))
{
if(preg_match("/^[a-z0-9_.\/\s]+$/i", $dir))
{
mkdir($dir, 0755);
}
else
{
$msg = "Error creating a customer subdirectora $dir!";
email::errorMsg($msg);
exit;
}
}
$i = 0;
foreach($cart_items as $item)
{
if(!copy($item, str_replace($baseDir, $dlDir, $item)))
{
$success_msg .= "An error occured. Could not copy ".$item.".";
}
else
{
$i++;
}
}
if($i < count($cart_items))
{
email::errorMsg($success_msg);
}
return $i;
DJPdl_ Ans:ws or DJPdl_An
Code: Select all
:js
written to it.
The directory root being written to is below the webroot like /root/something/temp/downloads.
Any ideas to stop unauthorised writing to the directory would be great.
Thanks