From 9823f9d2e4e9e24ef58e0b3cb37abe3099bcae3c Mon Sep 17 00:00:00 2001
From: Edmar Moretti <edmar.moretti@gmail.com>
Date: Wed, 10 Aug 2016 19:32:34 -0300
Subject: [PATCH] aprimoramento das validações nas ferramentas de upload

---
 classesphp/funcoes_gerais.php        | 18 ++++++++++++++++++
 ferramentas/aplicarsld/upload.php    | 14 +++++++++++++-
 ferramentas/carregamapa/upload.php   | 13 +++++++++++--
 ferramentas/importarwmc/upload.php   | 13 ++++++++++++-
 ferramentas/upload/upload.php        | 29 ++++++++++++++++++++++++++++-
 ferramentas/uploaddbf/upload.php     | 14 +++++++++++++-
 ferramentas/uploadgpx/upload.php     | 11 ++++++++++-
 ferramentas/uploadkml/upload.php     | 11 ++++++++++-
 ferramentas/uploadsimbolo/upload.php | 18 +++++++++++++++++-
 9 files changed, 132 insertions(+), 9 deletions(-)

diff --git a/classesphp/funcoes_gerais.php b/classesphp/funcoes_gerais.php
index 6efb825..7c211dd 100755
--- a/classesphp/funcoes_gerais.php
+++ b/classesphp/funcoes_gerais.php
@@ -3021,4 +3021,22 @@ function pegaProjecaoDefault($tipo=""){
 		return $i3GeoProjDefault[$tipo];
 	}
 }
+/**
+ * Verifica se uma string existe em um arquivo
+ */
+function fileContemString($arq,$s){
+	if(!file_exists($arq)){
+		return false;
+	}
+	$handle = fopen($arq, 'r');
+	$valid = false; // init as false
+	while (($buffer = fgets($handle)) !== false) {
+		if (strpos($buffer, $s) !== false) {
+			$valid = TRUE;
+			break; // Once you find the string, you should break out the loop.
+		}
+	}
+	fclose($handle);
+	return $valid;
+}
 ?>
diff --git a/ferramentas/aplicarsld/upload.php b/ferramentas/aplicarsld/upload.php
index 7daae97..3710632 100755
--- a/ferramentas/aplicarsld/upload.php
+++ b/ferramentas/aplicarsld/upload.php
@@ -22,7 +22,7 @@ $tema = $_GET["tema"];
 <body bgcolor="white" style="background-color:white;text-align:left;">
 <p>
 <?php
-if (isset($_FILES['i3GEOaplicarsld']['name']))
+if (isset($_FILES['i3GEOaplicarsld']['name']) && strlen(basename($_FILES['i3GEOaplicarsld']['name'])) < 200 )
 {
 	//$ndir = dirname($filen);
 	require_once (dirname(__FILE__)."/../../ms_configura.php");
@@ -31,11 +31,23 @@ if (isset($_FILES['i3GEOaplicarsld']['name']))
 	$dirmap = dirname($map_file);
 	//verifica nomes
 	$ArquivoDest = $_FILES['i3GEOaplicarsld']['name'];
+
+	$ArquivoDest = strip_tags($ArquivoDest);
+	$ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);
+
+	$ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
+
 	$ArquivoDest = str_replace(".sld","",$ArquivoDest).".sld";
 	verificaNome($ArquivoDest);
 
 	//sobe arquivo
 	$Arquivo = $_FILES['i3GEOaplicarsld']['tmp_name'];
+
+	$checkphp = fileContemString($_FILES['i3GEOaplicarsld']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+
 	$status =  move_uploaded_file($Arquivo,$dirmap."/".$ArquivoDest);
 
 	if($status != 1)
diff --git a/ferramentas/carregamapa/upload.php b/ferramentas/carregamapa/upload.php
index c3220c6..fc438c1 100755
--- a/ferramentas/carregamapa/upload.php
+++ b/ferramentas/carregamapa/upload.php
@@ -21,12 +21,15 @@ require_once (dirname(__FILE__)."/../../ms_configura.php");
 <body bgcolor="white" style="background-color:white">
 <p>
 <?php
-if (isset($_FILES['i3GEOcarregamapafilemap']['name']))
+if (isset($_FILES['i3GEOcarregamapafilemap']['name']) && strlen(basename($_FILES['i3GEOcarregamapafilemap']['name'])) < 200)
 {
 	echo "<p class='paragrafo' >Carregando o arquivo...</p>";
 	$dirmap = $dir_tmp;
 	$Arquivo = $_FILES['i3GEOcarregamapafilemap']['name'];
-	$Arquivo = str_replace(".map","",$Arquivo)."_up.map";
+	$Arquivo = str_replace(".map","",$Arquivo) . md5(uniqid(rand(), true)) . "_up.map";
+
+	$Arquivo = strip_tags($Arquivo);
+	$Arquivo = htmlspecialchars($Arquivo, ENT_QUOTES);
 
 	verificaNome($Arquivo);
 	/*
@@ -36,6 +39,12 @@ if (isset($_FILES['i3GEOcarregamapafilemap']['name']))
 	if($statusNome != 1)
 	{echo "<p class='paragrafo' >Arquivo inv&aacute;lido.!";paraAguarde();exit;}
 	*/
+
+	$checkphp = fileContemString($_FILES['i3GEOcarregamapafilemap']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+
 	$nome = basename($Arquivo);
 	$arqtemp = $dirmap."/".$Arquivo;
 	$status =  move_uploaded_file($_FILES['i3GEOcarregamapafilemap']['tmp_name'],$dirmap."/".$Arquivo);
diff --git a/ferramentas/importarwmc/upload.php b/ferramentas/importarwmc/upload.php
index c6e36b3..53af7ce 100755
--- a/ferramentas/importarwmc/upload.php
+++ b/ferramentas/importarwmc/upload.php
@@ -22,14 +22,25 @@ error_reporting(0);
 require_once (dirname(__FILE__)."/../../ms_configura.php");
 $dirmap = dirname($map_file);
 $arquivo = "";
-if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"]))
+if(isset($_FILES['i3GEOimportarwmc']['name']) && !($_POST["i3GEOimportarwmcurl"]) && strlen(basename($_FILES['i3GEOimportarwmc']['name'])) < 200)
 {
 	echo "<p class='paragrafo' >Carregando o arquivo...</p>";
 	//verifica nomes
 	$ArquivoDest = $_FILES['i3GEOimportarwmc']['name'];
+	$ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
 	$ArquivoDest = str_replace(".xml","",$ArquivoDest).".xml";
+
+	$ArquivoDest = strip_tags($ArquivoDest);
+	$ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);
+
 	verificaNome($ArquivoDest);
 	//sobe arquivo
+
+	$checkphp = fileContemString($_FILES['i3GEOimportarwmc']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+
 	$Arquivo = $_FILES['i3GEOimportarwmc']['tmp_name'];
 	$status =  move_uploaded_file($Arquivo,$dirmap."/".$ArquivoDest);
 	$arquivo = $dirmap."/".$_FILES['i3GEOimportarwmc']['name'];
diff --git a/ferramentas/upload/upload.php b/ferramentas/upload/upload.php
index de7844e..76ecc9d 100755
--- a/ferramentas/upload/upload.php
+++ b/ferramentas/upload/upload.php
@@ -54,12 +54,36 @@ if (isset($_FILES['i3GEOuploadshp']['name']))
 	verificaNome($_FILES['i3GEOuploadshp']['name']);
 	verificaNome($_FILES['i3GEOuploadshx']['name']);
 	verificaNome($_FILES['i3GEOuploaddbf']['name']);
+
 	if($_FILES['i3GEOuploadprj']['name'] != ""){
 		verificaNome($_FILES['i3GEOuploadprj']['name']);
 	}
+
+	$checkphp = fileContemString($_FILES['i3GEOuploadprj']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+	$checkphp = fileContemString($_FILES['i3GEOuploadshx']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+	$checkphp = fileContemString($_FILES['i3GEOuploaddbf']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+	$checkphp = fileContemString($_FILES['i3GEOuploadshp']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+
+
 	//remove acentos
 	$nomePrefixo = str_replace(" ","_",removeAcentos(str_replace(".shp","",$_FILES['i3GEOuploadshp']['name'])));
-	//$nomePrefixo = $nomePrefixo."_".(nomeRandomico(4));
+
+	$nomePrefixo = strip_tags($nomePrefixo);
+	$nomePrefixo = htmlspecialchars($nomePrefixo, ENT_QUOTES);
+
+	$nomePrefixo = $nomePrefixo . md5(uniqid(rand(), true));
 
 	//sobe arquivo
 	$Arquivo = $_FILES['i3GEOuploadshp']['tmp_name'];
@@ -189,6 +213,9 @@ function paraAguarde(){
 	echo "<script>try{window.scrollTo(0,10000);window.parent.i3GEOF.upload.aguarde.visibility='hidden';}catch(e){};</script>";
 }
 function verificaNome($nome){
+	if(strlen(basename($nome)) > 200){
+		exit;
+	}
 	$nome = strtolower($nome);
 	$lista = explode(".",$nome);
 	$extensao = $lista[count($lista) - 1];
diff --git a/ferramentas/uploaddbf/upload.php b/ferramentas/uploaddbf/upload.php
index 700d73a..d3e1733 100755
--- a/ferramentas/uploaddbf/upload.php
+++ b/ferramentas/uploaddbf/upload.php
@@ -20,8 +20,13 @@ if (ob_get_level() == 0) ob_start();
 <body bgcolor="white" style="background-color:white;text-align:left;">
 <p>
 <?php
-if (isset($_FILES['i3GEOuploaddbffile']['name']))
+if (isset($_FILES['i3GEOuploaddbffile']['name']) && strlen(basename($_FILES['i3GEOuploaddbffile']['name'])) < 200 )
 {
+	$checkphp = fileContemString($_FILES['i3GEOuploaddbffile']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+
 	//$ndir = dirname($filen);
 	require_once (dirname(__FILE__)."/../../ms_configura.php");
 	$mapa = ms_newMapObj($map_file);
@@ -32,12 +37,19 @@ if (isset($_FILES['i3GEOuploaddbffile']['name']))
 	$dirmap = dirname($map_file);
 	//verifica nomes
 	$ArquivoDest = $_FILES['i3GEOuploaddbffile']['name'];
+
+	$ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
+
 	if($i3GEOuploaddbftipoarquivo != "dbf"){
 		$ArquivoDest = str_replace(".csv","",$ArquivoDest).".csv";
 	}
 	else{
 		$ArquivoDest = str_replace(".dbf","",$ArquivoDest).".dbf";
 	}
+
+	$ArquivoDest = strip_tags($ArquivoDest);
+	$ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);
+
 	verificaNome($ArquivoDest);
 	verificaNome($_FILES['i3GEOuploaddbffile']['name']);
 	//sobe arquivo
diff --git a/ferramentas/uploadgpx/upload.php b/ferramentas/uploadgpx/upload.php
index 5d0b963..db7bbf0 100755
--- a/ferramentas/uploadgpx/upload.php
+++ b/ferramentas/uploadgpx/upload.php
@@ -21,8 +21,12 @@ if (ob_get_level() == 0) ob_start();
 <body bgcolor="white" style="background-color:white;text-align:left;">
 <p>
 <?php
-if (isset($_FILES['i3GEOuploadgpx']['name']))
+if (isset($_FILES['i3GEOuploadgpx']['name']) && strlen(basename($_FILES['i3GEOuploadgpx']['name'])) < 200 )
 {
+	$checkphp = fileContemString($_FILES['i3GEOuploadgpx']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
 	//$ndir = dirname($filen);
 	require_once (dirname(__FILE__)."/../../ms_configura.php");
 	$mapa = ms_newMapObj($map_file);
@@ -33,7 +37,12 @@ if (isset($_FILES['i3GEOuploadgpx']['name']))
 	$dirmap = dirname($map_file);
 	//verifica nomes
 	$ArquivoDest = $_FILES['i3GEOuploadgpx']['name'];
+	$ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
 	$ArquivoDest = str_replace(".gpx","",$ArquivoDest).".gpx";
+
+	$ArquivoDest = strip_tags($ArquivoDest);
+	$ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);
+
 	verificaNome($ArquivoDest);
 
 	//sobe arquivo
diff --git a/ferramentas/uploadkml/upload.php b/ferramentas/uploadkml/upload.php
index 55f00e0..53f6c53 100755
--- a/ferramentas/uploadkml/upload.php
+++ b/ferramentas/uploadkml/upload.php
@@ -23,8 +23,12 @@ if (ob_get_level() == 0) ob_start();
 <body bgcolor="white" style="background-color:white;text-align:left;">
 <p>
 <?php
-if (isset($_FILES['i3GEOuploadkml']['name']))
+if (isset($_FILES['i3GEOuploadkml']['name']) && strlen(basename($_FILES['i3GEOuploadkml']['name'])) < 200 )
 {
+	$checkphp = fileContemString($_FILES['i3GEOuploadkml']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
 	//$ndir = dirname($filen);
 	require_once (dirname(__FILE__)."/../../ms_configura.php");
 	$mapa = ms_newMapObj($map_file);
@@ -35,7 +39,12 @@ if (isset($_FILES['i3GEOuploadkml']['name']))
 	$dirmap = dirname($map_file);
 	//verifica nomes
 	$ArquivoDest = $_FILES['i3GEOuploadkml']['name'];
+	$ArquivoDest = $ArquivoDest . md5(uniqid(rand(), true));
 	$ArquivoDest = str_replace(".kml","",$ArquivoDest).".kml";
+
+	$ArquivoDest = strip_tags($ArquivoDest);
+	$ArquivoDest = htmlspecialchars($ArquivoDest, ENT_QUOTES);
+
 	verificaNome($ArquivoDest);
 
 	//sobe arquivo
diff --git a/ferramentas/uploadsimbolo/upload.php b/ferramentas/uploadsimbolo/upload.php
index dfdd2fc..335b39a 100755
--- a/ferramentas/uploadsimbolo/upload.php
+++ b/ferramentas/uploadsimbolo/upload.php
@@ -18,7 +18,13 @@ if (ob_get_level() == 0) ob_start();
 <body bgcolor="white" style="background-color:white;text-align:left;">
 <p>
 <?php
-if (isset($_FILES['i3GEOuploadsimboloarq']['name'])){
+if (isset($_FILES['i3GEOuploadsimboloarq']['name']) && strlen(basename($_FILES['i3GEOuploadsimboloarq']['name'])) < 200){
+
+	$checkphp = fileContemString($_FILES['i3GEOuploadkml']['tmp_name'],"<?");
+	if($checkphp == true){
+		exit;
+	}
+
 	require_once (dirname(__FILE__)."/../../ms_configura.php");
 	echo "<p class='paragrafo' >Carregando o arquivo...</p>";
 	ob_flush();
@@ -43,11 +49,21 @@ if (isset($_FILES['i3GEOuploadsimboloarq']['name'])){
 
 	$nome = str_replace(".png","",$nome).".png";
 
+	$nome = strip_tags($nome);
+	$nome = htmlspecialchars($nome, ENT_QUOTES);
+
+	$nome = $nome . md5(uniqid(rand(), true));
+
 	verificaNome($nome);
 	//sobe arquivo
 	$Arquivo = $_FILES['i3GEOuploadsimboloarq']['tmp_name'];
 	$destino = $dirDestino."/".$nome;
 
+	$check = getimagesize($Arquivo);
+	if($check === false) {
+		exit;
+	}
+
 	if(file_exists($destino))
 	{echo "<p class='paragrafo' >J&aacute; existe um arquivo com o nome ".$destino;paraAguarde();exit;}
 	$status =  move_uploaded_file($Arquivo,$destino);
--
libgit2 0.21.2