From 164059038534d5589b85aaa9fe6412eaf67e87a0 Mon Sep 17 00:00:00 2001
From: ewilly
Date: Tue, 1 May 2018 07:49:00 +0200
Subject: [PATCH] Fix the issue alias_traversal
---
 conf/nginx.conf | 11 ++++++-----
 scripts/_common.sh | 7 ++++---
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 09ed51a..8c3abac 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,3 +1,4 @@
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
 location __PATH__/ {
 # Path to source
 alias __FINALPATH__/;
@@ -38,20 +39,20 @@ location __PATH__/ {
 fastcgi_intercept_errors on;
 }
- location ~ (uploads|thumbs){
+ location ^~ __PATH__/(uploads|thumbs){
 deny all;
 }
- location ~ private {
+ location ^~ __PATH__/private {
 deny all;
- location ~* /temp/.*\.zip$ {
+ location ~* __PATH__/private/temp/.*\.zip$ {
 allow all;
 }
 }
- location ~ core {
+ location ^~ __PATH__/core {
 deny all;
- location ~* \.js$ {
+ location ~* __PATH__/core/.*\.js$ {
 allow all;
 }
 }
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 4e361bf..8e8d6c1 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -25,8 +25,7 @@ myynh_check_disk_space () {
 file_to_analyse=$1
 backup_size=$(du --summarize "$1" | cut -f1)
 free_space=$(df --output=avail "/home/yunohost.backup" | sed 1d)
- if [ $free_space -le $backup_size ]
- then
+ if [ $free_space -le $backup_size ]; then
 WARNING echo "Not enough backup disk space for: $1"
 WARNING echo "Space available: $(HUMAN_SIZE $free_space)"
 ynh_die "Space needed: $(HUMAN_SIZE $backup_size)"
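Review bot: In the second hunk of conf/nginx.conf, `location ^~ __PATH__/(uploads|thumbs){` no longer covers either directory: `^~` introduces a literal prefix match, so nginx compares the URI against the string `(uploads|thumbs)` rather than treating it as an alternation, and the `deny all;` inside is not reached for real upload or thumbnail URLs. Split it into two prefix blocks, `location ^~ __PATH__/uploads/ { deny all; }` and `location ^~ __PATH__/thumbs/ { deny all; }`. The nested regex locations `~* __PATH__/private/temp/.*\.zip$` and `~* __PATH__/core/.*\.js$` are unanchored and take the substituted path as regex text, so a leading `^` would tie them to the start of the URI. The hunk header names `location __PATH__/ {` as context, which opens outside the hunk.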
@@ -46,13 +45,15 @@ myynh_add_nginx_config () {
 # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 # Substitute in a nginx config file only if the variable is not empty
 [ -n "${path_url:-}" ] && ynh_replace_string "__PATH__" "$path_url" "$nginx_conf"
+ if [ "${path_url:-}" != "/" ]; then
+ ynh_replace_string "^#sub_path_only" "" "$nginx_conf"
+ fi
 [ -n "${final_path:-}" ] && ynh_replace_string "__FINALPATH__" "$final_path" "$nginx_conf"
 [ -n "${app:-}" ] && ynh_replace_string "__NAME__" "$app" "$nginx_conf"
 [ -n "${filesize:-}" ] && ynh_replace_string "__FILESIZE__" "$filesize" "$nginx_conf"
 ynh_store_file_checksum "$nginx_conf"
 systemctl reload nginx
 }
-
 # Create a dedicated php-fpm config
 myynh_add_fpm_config () {
 ynh_backup_if_checksum_is_different "$phpfpm_conf" 1
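Review bot: The new `/` special case only controls the `#sub_path_only` rewrite line; the line above it still substitutes `$path_url` verbatim, so on a root install every `__PATH__/…` pattern in the template becomes `//…` (for example `location ^~ //private`), and the deny rules this commit adds may not match requests there. Unless `ynh_replace_string` or the caller already strips the slash, which is not visible in this hunk, substitute the slash-less form: `[ -n "${path_url:-}" ] && ynh_replace_string "__PATH__" "${path_url%/}" "$nginx_conf"`. The added test also passes when `path_url` is unset or empty, which would enable a rewrite that still contains the literal `__PATH__`; `if [ -n "${path_url:-}" ] && [ "${path_url}" != "/" ]; then` closes that case. `myynh_add_nginx_config` begins before the hunk.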