Merge pull request #3465 in SW/shopware from sw-14719/5.1/load-files to 5.1

MarcelSchmaeing · MarcelSchmaeing · commit 8393ccda4cf6 · 2016-04-08T08:54:27.000+02:00
* commit 'd73e9031a5b2ab6e918eb86d1e2b2e873cd3558d':
  SW-14719 - Improve input validation in ScriptRenderer
diff --git a/engine/Library/Enlight/Controller/Plugins/ScriptRenderer/Bootstrap.php b/engine/Library/Enlight/Controller/Plugins/ScriptRenderer/Bootstrap.php
@@ -170,28 +170,35 @@ public function getTemplateName()
         }
 
         $templateNames = array();
-
         foreach ($fileNames as $fileName) {
+            // Remove unwanted characters
+            $fileName = preg_replace('/[^a-z0-9\/_-]/i', '', $fileName);
+
+            // Replace multiple forward slashes
+            $fileName = preg_replace('#/+#', '/', $fileName);
+
+            // Remove leading and trailing forward slash
+            $fileName = trim($fileName, '/');
+
             // if string starts with "m/" replace with "model/"
             $fileName = preg_replace('/^m\//', 'model/', $fileName);
             $fileName = preg_replace('/^c\//', 'controller/', $fileName);
             $fileName = preg_replace('/^v\//', 'view/', $fileName);
 
-            $fileName = ltrim(dirname($fileName) . '/' . basename($fileName, '.js'), '/.');
-
             if (empty($fileName)) {
                 continue;
             }
 
-            $templateNames[] = $inflector->filter(array(
+            $fileName = $inflector->filter(array(
                 'module'     => $moduleName,
                 'controller' => $controllerName,
-                'file'       => $fileName)
-            );
+                'file'       => $fileName
+            ));
+
+            $templateNames[]  = $fileName;
         }
 
         $count = count($templateNames);
-
         if ($count === 0) {
             return null;
         } elseif ($count === 1) {
diff --git a/engine/Shopware/Controllers/Backend/ExtJs.php b/engine/Shopware/Controllers/Backend/ExtJs.php
@@ -208,26 +208,36 @@ public function extendsAction()
         $this->View()->Engine()->setCompileId($this->View()->Engine()->getCompileId() . '_' . $this->Request()->getControllerName());
 
         foreach ($fileNames as $fileName) {
+            // Remove unwanted characters
+            $fileName = preg_replace('/[^a-z0-9\/_-]/i', '', $fileName);
+
+            // Replace multiple forward slashes
+            $fileName = preg_replace('#/+#', '/', $fileName);
+
+            // Remove leading and trailing forward slash
+            $fileName = trim($fileName, '/');
+
             // if string starts with "m/" replace with "model/"
             $fileName = preg_replace('/^m\//', 'model/', $fileName);
             $fileName = preg_replace('/^c\//', 'controller/', $fileName);
             $fileName = preg_replace('/^v\//', 'view/', $fileName);
 
-            $fileName = ltrim(dirname($fileName) . '/' . basename($fileName, '.js'), '/.');
             if (empty($fileName)) {
                 continue;
             }
+
             $templateBase = $inflector->filter(array(
-                'module' => $moduleName,
+                'module'     => $moduleName,
                 'controller' => $controllerName,
-                'file' => $fileName)
-            );
+                'file'       => $fileName
+            ));
 
             $templateExtend = $inflector->filter(array(
-                'module' => $moduleName,
+                'module'     => $moduleName,
                 'controller' => $this->Request()->getControllerName(),
-                'file' => $fileName)
-            );
+                'file'       => $fileName
+            ));
+
             if ($this->View()->templateExists($templateBase)) {
                 $template .= '{include file="' . $templateBase. '"}' . "\n";
             }
