Diffstat (limited to 'bin')
-rwxr-xr-xbin/files.php8
-rwxr-xr-xbin/session.php7
-rwxr-xr-xbin/utils.php45
3 files changed, 60 insertions, 0 deletions
diff --git a/bin/files.php b/bin/files.php
index e7ffaa9..123644e 100755
--- a/bin/files.php
+++ b/bin/files.php
@@ -161,6 +161,14 @@ function filesgetlisting($dir)
$filelisting = array();
$folderlisting = array();
+ // Check dir
+ if (!isurlvalid($dir, "media") && !isurlvalid($dir, "rec"))
+ return array();
+
+ // Dont allow ..
+ if (preg_match("$\.\.$", $dir))
+ return array();
+
$dir_handle = @opendir($dir);
if (!$dir_handle)
return array();
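Review bot: The added `..` test in filesgetlisting() repeats what isurlvalid() already does for both the "media" and "rec" types, so the two copies can drift apart. It also uses `$` as the regex delimiter, which reads like an end-of-string anchor. I would drop the second check, or, if it stays as defence in depth, write it as `if (strpos($dir, "..") !== false)` with a comment such as `// isurlvalid() already rejects "..", kept as a second guard before opendir()`. A rejected directory and an empty one both return `array()`, so a log line on the rejection path would help when tracing probing attempts. The function body continues outside the hunk.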
diff --git a/bin/session.php b/bin/session.php
index fee5b58..144b8da 100755
--- a/bin/session.php
+++ b/bin/session.php
@@ -4,6 +4,10 @@ function sessioncreate($type, $url, $mode)
{
global $httppath, $ffmpegpath, $segmenterpath, $quality, $maxencodingprocesses;
+ // Check url
+ if (!isurlvalid($url, $type))
+ return "";
+
// Check that the max number of session is not reached yet
$nbencprocess = exec("find ../ram/ -name segmenter.pid | wc | awk '{ print $1 }'");
if ($nbencprocess >= $maxencodingprocesses)
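Review bot: The new guard in sessioncreate() is only as strict as isurlvalid() for the given `$type`, and for 'tv' that is a bare prefix compare, so everything after the configured prefix passes through unchanged. The rest of the body is outside this hunk. The visible `exec()` shows the function shells out, so if `$url` later becomes part of a command line it should still go through `escapeshellarg($url)` at that point rather than relying on this check. `$mode` is not validated here; if it only takes a fixed set of values, an explicit whitelist next to this check would document that. A comment such as `// isurlvalid() only restricts the location, it does not make $url safe for a shell` would keep the limitation visible.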
@@ -336,6 +340,9 @@ function streammusic($path, $file)
{
global $httppath;
+ if (!isurlvalid($path, "media"))
+ return array();
+
$files = array();
// Create all symlinks
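Review bot: Only `$path` is validated in streammusic(); `$file` reaches the symlink-creating code that follows without any check. The body continues outside the hunk, so how the two are joined is not visible. If `$file` is appended to `$path`, a value containing `..` or a leading `/` would bypass the restriction just added. I would extend the guard to `if (!isurlvalid($path, "media") || strpos($file, "..") !== false)`, or validate the joined path instead once the join is confirmed.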
diff --git a/bin/utils.php b/bin/utils.php
index e748c64..4fe3484 100755
--- a/bin/utils.php
+++ b/bin/utils.php
@@ -92,4 +92,49 @@ function sec2hms ($sec, $padHours = false)
return $hms;
}
+
+function isurlvalid($url, $type)
+{
+ global $vdrstreamdev, $vdrrecpath, $videosource, $audiosource;
+
+ switch ($type)
+ {
+ case 'tv':
+
+ // Check that this is a correct URL
+ if (strncmp($vdrstreamdev, $url, strlen($vdrstreamdev)))
+ return 0;
+
+ break;
+
+ case 'rec':
+ if (strncmp($vdrrecpath, $url, strlen($vdrrecpath)))
+ return 0;
+
+ // Dont allow ..
+ if (preg_match("$\.\.$", $url))
+ return 0;
+
+ break;
+
+ case 'media';
+ case 'vid':
+
+ if (strncmp($videosource, $url, strlen($videosource)) && strncmp($audiosource, $url, strlen($audiosource)))
+ return 0;
+
+ // Dont allow ..
+ if (preg_match("$\.\.$", $url))
+ return 0;
+
+ break;
+
+ default:
+ return 0;
+ }
+
+ return 1;
+}
+
+
?>
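Review bot: The prefix tests in isurlvalid() pass for every input when the configured base is unset or empty, because `strncmp($base, $url, 0)` compares zero bytes and returns 0. In the 'media'/'vid' branch a single empty `$audiosource` is enough to accept any path that lacks `..`. The compare also has no separator boundary, so a base of `/a/video` (constructed example) would accept `/a/video-old/...` too. The check works on the raw string and does not resolve symlinks below the base. I would move the path compare into a small helper as below and add the same empty-base test to the 'tv' branch. Separately, `case 'media';` ends in a semicolon; PHP accepts it but `:` is clearly intended.

```php
function ispathunder($base, $path)
{
	// An unset or empty base makes strncmp() compare zero bytes and match everything
	if (!is_string($base) || $base === "")
		return 0;

	// Compare with a trailing slash so the base does not also match a sibling
	// directory that merely shares its name as a prefix
	$base = rtrim($base, "/") . "/";
	return strncmp($base, rtrim($path, "/") . "/", strlen($base)) == 0 ? 1 : 0;
}

// … unchanged: isurlvalid() signature, globals, 'tv' branch …
		case 'rec':
			if (!ispathunder($vdrrecpath, $url))
				return 0;
// … unchanged: ".." check, break …
		case 'media':
		case 'vid':
			if (!ispathunder($videosource, $url) && !ispathunder($audiosource, $url))
				return 0;
// … unchanged: ".." check, default branch, return 1 …
```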