From 7b4b4306a6118bba6a8dcba5a7fd648dbdd22de3 Mon Sep 17 00:00:00 2001
From: Junior <junior@jaj.com>
Date: Fri, 18 Aug 2023 13:19:41 -0400
Subject: [PATCH] Switch makePathSafe to use native realpath()

---
 ajax/showcomic.php | 10 ++++++----
 downloadcomic.php  |  5 +++--
 functions.php      | 24 ------------------------
 3 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/ajax/showcomic.php b/ajax/showcomic.php
index eb949c4..9db4fa9 100644
--- a/ajax/showcomic.php
+++ b/ajax/showcomic.php
@@ -5,16 +5,18 @@ require '../header.php';
 require_login();
 
 if ( isset($_REQUEST['comic']) ) {
-   $comic = makePathSafe(base64_decode(urldecode(($_REQUEST['comic']))));
-   $comicfull = COMICSDIR . $comic;
+   $comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['comic'])));
+   if ( $comicfull === false ) exit();
+   if ( substr($comicfull, 0, strlen(COMICSDIR)) != COMICSDIR ) exit();
+   $comic = substr($comicfull, strlen(COMICSDIR));
    $comicoutputurl = "comics" . str_replace("#", "", $comic) . "/";
    $comicoutputfull = "../" . EXTRACTSDIR . str_replace("#", "", $comic) . "/";
 } else {
    exit();
 }
 
-$ext = strtolower(substr($comic, -3));
-$_SESSION['comfile'] = basename($comic);
+$ext = strtolower(substr($comicfull, -3));
+$_SESSION['comfile'] = basename($comicfull);
 
 $data = array();
 
diff --git a/downloadcomic.php b/downloadcomic.php
index bc1b878..e6fa1b4 100644
--- a/downloadcomic.php
+++ b/downloadcomic.php
@@ -5,8 +5,9 @@ require 'header.php';
 require_login();
 
 if ( isset($_REQUEST['comic']) ) {
-   $comic = makePathSafe(base64_decode(urldecode(($_REQUEST['comic']))));
-   $comicfull = COMICSDIR . $comic;
+   $comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['comic'])));
+   if ( $comicfull === false ) exit();
+   if ( substr($comicfull, 0, strlen(COMICSDIR)) != COMICSDIR ) exit();
 } else {
    exit();
 }
diff --git a/functions.php b/functions.php
index 76dd16d..90c9811 100644
--- a/functions.php
+++ b/functions.php
@@ -5,30 +5,6 @@ function microtime_float() {
    return ((float)$usec + (float)$sec);
 }
 
-function makePathSafe($path = "") {
-   if ( $path == "" ) return "";
-   // Stick forward slashes on the ends to make matching more consistent
-   $path = "/" . $path . "/";
-   // Remove all instances of dots between forward slashes
-   while ( preg_match("/\/\.{0,}\//", $path) ) {
-      $path = preg_replace("/\/\.{0,}\//", "/", $path);
-   }
-   // Replace all instances of two consecutive forward slashes
-   while ( strpos($path, "//") !== false ) {
-      $path = str_replace("//", "/", $path);
-   }
-   // Remove all leading forward slashes
-   while ( substr($path, 0, 1) == '/' ) {
-      $path = substr($path, 1);
-   }
-   // Remove all trailing forward slashes
-   while ( substr($path, -1) == '/' ) {
-      $path = substr($path, 0, strlen($path)-1);
-   }
-   $path = "/" . $path;
-   return $path;
-}
-
 function makeThumb($item = "") {
    if ( $item == "" ) { return false; }
    if ( is_dir($item) ) {