mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-27 09:09:04 +01:00
store CalDAV/CardDAV log in user spezific log directories
This commit is contained in:
parent
324f0b664b
commit
a4526c98cb
@ -2054,6 +2054,17 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
if (self::$request_starttime) self::log_request();
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitizing filename to gard agains path traversal and / eg. in UserAgent string
|
||||
*
|
||||
* @param string $filename
|
||||
* @return string
|
||||
*/
|
||||
public static function sanitize_filename($filename)
|
||||
{
|
||||
return str_replace(array('../', '/'), array('', '!'), $filename);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log the request
|
||||
*
|
||||
@ -2067,12 +2078,12 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
{
|
||||
$msg_file = $GLOBALS['egw_info']['server']['files_dir'];
|
||||
$msg_file .= '/groupdav';
|
||||
if (!file_exists($msg_file) && !mkdir($msg_file,0700))
|
||||
$msg_file .= '/'.self::sanitize_filename($GLOBALS['egw_info']['user']['account_lid']).'/';
|
||||
if (!file_exists($msg_file) && !mkdir($msg_file, 0700, true))
|
||||
{
|
||||
error_log(__METHOD__."() Could NOT create directory '$msg_file'!");
|
||||
return;
|
||||
}
|
||||
$msg_file .= '/'.$GLOBALS['egw_info']['user']['account_lid'].'-';
|
||||
// stop CalDAVTester from creating one log per test-step
|
||||
if (substr($_SERVER['HTTP_USER_AGENT'], 0, 14) == 'scripts/tests/')
|
||||
{
|
||||
@ -2080,7 +2091,7 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
}
|
||||
else
|
||||
{
|
||||
$msg_file .= str_replace('/','!',$_SERVER['HTTP_USER_AGENT']).'.log';
|
||||
$msg_file .= self::sanitize_filename($_SERVER['HTTP_USER_AGENT']).'.log';
|
||||
}
|
||||
$content = '*** '.$_SERVER['REMOTE_ADDR'].' '.date('c')."\n";
|
||||
}
|
||||
|
@ -105,17 +105,16 @@ class Hooks
|
||||
if ($GLOBALS['type'] === 'user')
|
||||
{
|
||||
$logs = array();
|
||||
if (file_exists($log_dir=$GLOBALS['egw_info']['server']['files_dir'].'/groupdav') && ($files = scandir($log_dir)))
|
||||
$relativ_log_dir .= 'groupdav/'.Api\CalDAV::sanitize_filename(Api\Accounts::id2name($hook_data['account_id']));
|
||||
$log_dir = $GLOBALS['egw_info']['server']['files_dir'].'/'.$relativ_log_dir;
|
||||
if (file_exists($log_dir) && ($files = scandir($log_dir)))
|
||||
{
|
||||
$account_lid = Api\Accounts::id2name($hook_data['account_id']);
|
||||
$account_lid_len = strlen($account_lid);
|
||||
foreach($files as $log)
|
||||
{
|
||||
if (substr($log,0,$account_lid_len+1) == $account_lid.'-' &&
|
||||
substr($log,-4) == '.log')
|
||||
if (substr($log, -4) == '.log')
|
||||
{
|
||||
$logs['groupdav/'.$log] = Api\DateTime::to(filemtime($log_dir.'/'.$log)).': '.
|
||||
str_replace('!','/',substr($log,$account_lid_len+1,-4));
|
||||
$logs[$relativ_log_dir.'/'.$log] = Api\DateTime::to(filemtime($log_dir.'/'.$log)).': '.
|
||||
str_replace('!', '/', $log);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -155,8 +154,8 @@ class Hooks
|
||||
{
|
||||
$filename = $_GET['filename'];
|
||||
$matches = null;
|
||||
if (!preg_match('|^groupdav/'.($GLOBALS['egw_info']['user']['apps']['admin'] ? '[^-]+' :
|
||||
preg_quote($GLOBALS['egw_info']['user']['account_lid'], '|')).'-(.*)\.log$|', $filename, $matches))
|
||||
if (!preg_match('|^groupdav/'.($GLOBALS['egw_info']['user']['apps']['admin'] ? '[^/]+/' :
|
||||
preg_quote(Api\CalDAV::sanitize_filename($GLOBALS['egw_info']['user']['account_lid']), '|')).'(.*)\.log$|', $filename, $matches))
|
||||
{
|
||||
throw new Api\Exception\WrongParameter("Access denied to file '$filename'!");
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user