diff --git a/classes/article.php b/classes/article.php
index 62ea1f3b9c1f3aef9b09abcbd0d442db73cadeca..67b1a4a057bcf39769ca4f7f3abb68c2dd48c36d 100755
--- a/classes/article.php
+++ b/classes/article.php
@@ -673,10 +673,12 @@ class Article extends Handler_Protected {
 
 		$rv = array();
 
+		$cache = new DiskCache("images");
+
 		while ($line = $sth->fetch()) {
 
-			if (file_exists(CACHE_DIR . '/images/' . sha1($line["content_url"]))) {
-				$line["content_url"] = DiskCache::getUrl(sha1($line["content_url"]));
+			if ($cache->exists(sha1($line["content_url"]))) {
+				$line["content_url"] = $cache->getUrl(sha1($line["content_url"]));
 			}
 
 			array_push($rv, $line);
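Review bot: `sha1($line["content_url"])` is computed twice on consecutive lines inside the loop, once for the existence check and once for the URL; hashing once keeps both branches guaranteed to refer to the same cache entry and reads more clearly: `$hash = sha1($line["content_url"]);` followed by `if ($cache->exists($hash)) $line["content_url"] = $cache->getUrl($hash);`. Constructing the DiskCache once outside the loop rather than per row is the right call. The enclosing method starts and ends outside this hunk.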
diff --git a/classes/diskcache.php b/classes/diskcache.php
index 41609d6b545fea6ced84d64dfb93f65a855772f7..92fd23ad4c19ca28c10333cc203caee942dc3852 100644
--- a/classes/diskcache.php
+++ b/classes/diskcache.php
@@ -3,7 +3,7 @@ class DiskCache {
 	private $dir;
 
 	public function __construct($dir) {
-		$this->dir = CACHE_DIR . "/" . basename($dir);
+		$this->dir = CACHE_DIR . "/" . clean_filename($dir);
 	}
 
 	public function getDir() {
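Review bot: The constructor builds a path under CACHE_DIR from whatever directory name it is handed, but nothing checks that the result exists or is one of the caches this class is meant to serve; with cached_url() in classes/handler/public.php now passing the first segment of the request's file parameter straight in, every subdirectory of CACHE_DIR becomes addressable through public.php. If CACHE_DIR holds directories that are not meant to be public, an allowlist at the boundary would close that — either in cached_url() or here, e.g. `if (!in_array($dir, ["images", "starred-images"], true)) { /* reject */ }` — the exact list depends on what the rest of the code creates under CACHE_DIR, which is outside this diff. clean_filename() only normalises the name; it does not decide which directories are legitimate.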
@@ -39,7 +39,7 @@ class DiskCache {
 	}
 
 	public function getFullPath($filename) {
-		$filename = basename($filename);
+		$filename = clean_filename($filename);
 
 		return $this->dir . "/" . $filename;
 	}
@@ -72,8 +72,8 @@ class DiskCache {
 		return send_local_file($this->getFullPath($filename));
 	}
 
-	static public function getUrl($filename) {
-		return get_self_url_prefix() . "/public.php?op=cached_url&file=" . $filename;
+	public function getUrl($filename) {
+		return get_self_url_prefix() . "/public.php?op=cached_url&file=" . basename($this->dir) . "/" . $filename;
 	}
 
 	// check for locally cached (media) URLs and rewrite to local versions
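Review bot: getUrl() changes from static to an instance method, so any caller outside this diff that still writes `DiskCache::getUrl(...)` now makes a non-static call (deprecated in PHP 7, an Error in PHP 8); the repository's own callers are updated, but third-party plugins using the old form are not, so this should be called out as a breaking change or kept working via a static overload with a deprecation notice. The directory and file names are also concatenated into the query string unencoded; `"&file=" . rawurlencode(basename($this->dir)) . "/" . rawurlencode($filename)` keeps the URL well-formed regardless of what clean_filename() lets through, while the literal "/" stays as the separator cached_url() splits on.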
@@ -103,7 +103,7 @@ class DiskCache {
 
 					if ($cache->getSize($cached_filename) > 0) {
 
-						$src = DiskCache::getUrl(sha1($src));
+						$src = $cache->getUrl(sha1($src));
 
 						if ($entry->hasAttribute('poster'))
 							$entry->setAttribute('poster', $src);
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 901844e364c831256a0f4190477d7ea1d76c31bd..4c904231e65bd34ed20c46c43c5e9f8c0cfa8a02 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -1202,13 +1202,7 @@ class Handler_Public extends Handler {
 	}
 
 	function cached_url() {
-		$filename = $_GET['file'];
-
-		if (strpos($filename, "/") !== FALSE) {
-			list ($cache_dir, $filename) = explode("/", $filename, 2);
-		} else {
-			$cache_dir = "images";
-		}
+		list ($cache_dir, $filename) = explode("/", $_GET["file"], 2);
 
 		$cache = new DiskCache($cache_dir);
 
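Review bot: `explode("/", $_GET["file"], 2)` yields a single element when the parameter has no slash (or is absent), so the `list()` assignment leaves `$filename` null with an undefined-offset notice and the request proceeds into `new DiskCache($cache_dir)` with a null filename; dropping the fallback to "images" also means every URL produced by the old static getUrl() (a bare sha1 with no directory prefix) stops resolving. Check the shape first: `$parts = explode("/", isset($_GET["file"]) ? $_GET["file"] : "", 2); if (count($parts) != 2) return;` (or restore the "images" default if old links must keep working), then `list($cache_dir, $filename) = $parts;`. How cached_url() signals a miss is outside this hunk, so the early return should match whatever the rest of the function does.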
diff --git a/include/functions.php b/include/functions.php
index 5a66e53b9815607da3b655cc2351dbf2978f37fe..3f80ba5ba93500f6168559804d7812dbc7087c1e 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -594,6 +594,10 @@
 		}
 	}
 
+	function clean_filename($filename) {
+		return basename(preg_replace("/\.\.|[\/\\\]/", "", $filename));
+	}
+
 	function make_password($length = 12) {
 		$password = "";
 		$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
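Review bot: clean_filename() removes `..`, `/` and `\` in a single preg_replace pass, and removal is not idempotent: deleting a separator that sat between two dots leaves a fresh `..` behind, and since `basename("..")` returns `".."` unchanged, getFullPath() can still resolve to the parent of the cache directory. This helper is now the only guard on both the directory name (DiskCache constructor) and the filename (getFullPath), so it should either repeat the replacement until the string stops changing or reject anything outside the character set cache names actually use (sha1 hex and `<id>-<sha1>`). A fixed-point loop keeps the current strip-and-return contract for existing callers. Empty input currently yields `""`, which turns the full path into the cache directory itself; whether exists() treats that as a hit I cannot tell from this diff.
```php
	function clean_filename($filename) {
		// Repeat until stable: one pass can leave a ".." behind when the
		// characters removed sat between two dots.
		do {
			$prev = $filename;
			$filename = preg_replace("/\.\.|[\/\\\]/", "", $filename);
		} while ($filename !== $prev);

		return basename($filename);
	}
```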
diff --git a/plugins/cache_starred_images/init.php b/plugins/cache_starred_images/init.php
index 916cedd537c40bb38c15366d428a47d59d6ed212..967569543210ccf4982c28458441891b428f0a15 100755
--- a/plugins/cache_starred_images/init.php
+++ b/plugins/cache_starred_images/init.php
@@ -101,7 +101,7 @@ class Cache_Starred_Images extends Plugin {
 		$local_filename = $article_id . "-" . sha1($enc["content_url"]);
 
 		if ($this->cache->exists($local_filename)) {
-			$enc["content_url"] = DiskCache::getUrl("starred-images/" . $local_filename);
+			$enc["content_url"] = $this->cache->getUrl($local_filename);
 		}
 
 		return $enc;
@@ -123,7 +123,7 @@ class Cache_Starred_Images extends Plugin {
 					$local_filename = $article_id . "-" . sha1($src);
 
 					if ($this->cache->exists($local_filename)) {
-						$entry->setAttribute("src", DiskCache::getUrl("starred-images/" . $local_filename));
+						$entry->setAttribute("src", $this->cache->getUrl($local_filename));
 						$entry->removeAttribute("srcset");
 					}
 				}