-rwxr-xr-x | bin/files.php | 8 | ||||
-rwxr-xr-x | bin/session.php | 7 | ||||
-rwxr-xr-x | bin/utils.php | 45 | ||||
-rwxr-xr-x | config_default.php | 3 |
4 files changed, 61 insertions, 2 deletions
diff --git a/bin/files.php b/bin/files.php index e7ffaa9..123644e 100755 --- a/bin/files.php +++ b/bin/files.php @@ -161,6 +161,14 @@ function filesgetlisting($dir) $filelisting = array(); $folderlisting = array(); + // Check dir + if (!isurlvalid($dir, "media") && !isurlvalid($dir, "rec")) + return array(); + + // Dont allow .. + if (preg_match("$\.\.$", $dir)) + return array(); + $dir_handle = @opendir($dir); if (!$dir_handle) return array(); diff --git a/bin/session.php b/bin/session.php index fee5b58..144b8da 100755 --- a/bin/session.php +++ b/bin/session.php @@ -4,6 +4,10 @@ function sessioncreate($type, $url, $mode) { global $httppath, $ffmpegpath, $segmenterpath, $quality, $maxencodingprocesses; + // Check url + if (!isurlvalid($url, $type)) + return ""; + // Check that the max number of session is not reached yet $nbencprocess = exec("find ../ram/ -name segmenter.pid | wc | awk '{ print $1 }'"); if ($nbencprocess >= $maxencodingprocesses) @@ -336,6 +340,9 @@ function streammusic($path, $file) { global $httppath; + if (!isurlvalid($path, "media")) + return array(); + $files = array(); // Create all symlinks diff --git a/bin/utils.php b/bin/utils.php index e748c64..4fe3484 100755 --- a/bin/utils.php +++ b/bin/utils.php 
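Review bot: The `..` test added after the isurlvalid() call in filesgetlisting() is redundant, because isurlvalid() already rejects a `..` in the URL for both the `media` and `rec` types, so the second check can never fail where the first passed. If it is kept as belt-and-braces, `preg_match("$\.\.$", $dir)` reads like two anchors but is actually a `$`-delimited pattern for a literal `..`; `strpos($dir, '..') !== false` says the same thing without the trap. Either form rejects any path component containing `..`, not only a parent-directory segment, which is worth a one-line comment. filesgetlisting()'s body continues outside the hunk.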
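Review bot: The new isurlvalid() guard in sessioncreate() only establishes that $url starts with the configured prefix; everything after the prefix is unconstrained, so if the rest of the function (its body, including exec() calls, continues outside the hunk) interpolates $url into the ffmpeg or segmenter command line, the value still needs `escapeshellarg($url)` at that point. Returning `""` before the session-count check is the right order, since no process is spawned for a rejected URL. A short comment on the added lines, `// Reject URLs outside the configured sources before anything is spawned`, would document that intent.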
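Review bot: In streammusic() only $path is validated; $file is passed through untouched, so if the function later joins $file onto $path (its body continues outside the hunk) a `..` inside $file is not caught by this check. Extending the guard to `if (!isurlvalid($path, "media") || strpos($file, '..') !== false) return array();` closes that gap. Returning `array()` on failure matches filesgetlisting()'s failure value, which keeps the callers consistent.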
@@ -92,4 +92,49 @@ function sec2hms ($sec, $padHours = false) return $hms; } + +function isurlvalid($url, $type) +{ + global $vdrstreamdev, $vdrrecpath, $videosource, $audiosource; + + switch ($type) + { + case 'tv': + + // Check that this is a correct URL + if (strncmp($vdrstreamdev, $url, strlen($vdrstreamdev))) + return 0; + + break; + + case 'rec': + if (strncmp($vdrrecpath, $url, strlen($vdrrecpath))) + return 0; + + // Dont allow .. + if (preg_match("$\.\.$", $url)) + return 0; + + break; + + case 'media'; + case 'vid': + + if (strncmp($videosource, $url, strlen($videosource)) && strncmp($audiosource, $url, strlen($audiosource))) + return 0; + + // Dont allow .. + if (preg_match("$\.\.$", $url)) + return 0; + + break; + + default: + return 0; + } + + return 1; +} + + ?> diff --git a/config_default.php b/config_default.php index 758ccc9..0bd3c9c 100755 --- a/config_default.php +++ b/config_default.php @@ -5,11 +5,10 @@ $httppath = '/istreamdev/'; // Absolute path to the index.php file. //Don't put http://yourdomain !! // VDR configuration - $vdrenabled=1; // enable/disable VDR features $vdrchannels='/etc/vdr/channels.conf'; // VDR channel list $svdrpport=2001; // SVDRP port $svdrpip='127.0.0.1'; // SVDRP ip - $vdrstreamdev='http://127.0.0.1:3000/TS/'; // VDR streamdev URL + $vdrstreamdev='http://127.0.0.1:3000/TS/'; // VDR streamdev URL (set to "" to disable the VDR feature) $vdrrecpath='/video/'; //VDR recording directory // Media configuration |
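Review bot: An empty prefix makes isurlvalid() accept any URL: `strncmp($vdrstreamdev, $url, strlen($vdrstreamdev))` becomes `strncmp(..., 0)`, which returns 0 for every $url, so when $vdrstreamdev is "" — exactly what the config_default.php hunk in this commit now recommends to disable the VDR feature — the `tv` case returns 1 for everything, and the same holds for $videosource/$audiosource in the `media`/`vid` case and for $vdrrecpath in `rec`. Each comparison should reject an empty prefix first; a small helper keeps the three sites consistent (below) and also covers the callers added in bin/files.php and bin/session.php. Minor: `case 'media';` uses a semicolon where the other labels use a colon (legal, but easy to misread as a statement), and the `$`-delimited `preg_match("$\.\.$", $url)` is a literal `..` search that `strpos($url, '..') !== false` expresses more plainly.
```php
// True when $url begins with $prefix. An empty prefix (a source disabled in
// the config) matches nothing rather than everything.
function isprefixof($prefix, $url)
{
	return $prefix !== '' && strncmp($prefix, $url, strlen($prefix)) === 0;
}

function isurlvalid($url, $type)
{
	global $vdrstreamdev, $vdrrecpath, $videosource, $audiosource;

	switch ($type)
	{
		case 'tv':
			if (!isprefixof($vdrstreamdev, $url))
				return 0;
			break;

		case 'rec':
			if (!isprefixof($vdrrecpath, $url))
				return 0;
			// … unchanged: .. check …
			break;

		case 'media':
		case 'vid':
			if (!isprefixof($videosource, $url) && !isprefixof($audiosource, $url))
				return 0;
			// … unchanged: .. check …
			break;

		// … unchanged: default …
	}

	return 1;
}
```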