From 3c59ee5de9f93967c6c3ecd23c9c73f8c7f892b4 Mon Sep 17 00:00:00 2001
From: Ellpeck
Date: Fri, 18 Aug 2023 13:03:03 +0200
Subject: [PATCH] prevent directory traversal on server

---
 server/public/share.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/server/public/share.php b/server/public/share.php
index d8ff04d..2aba23c 100644
--- a/server/public/share.php
+++ b/server/public/share.php
@@ -114,13 +114,14 @@ function get_markdown_content(): ?string {
 }
 
 function get_markdown_path(string $id): string {
-    return get_data_path() . $id . ".md";
+    return get_id_base_path($id) . ".md";
 }
 
 function get_meta_path(string $id): string {
-    return get_data_path() . $id . ".json";
+    return get_id_base_path($id) . ".json";
 }
 
-function get_data_path(): string {
-    return dirname(getcwd()) . "/data/";
+function get_id_base_path(string $id): string {
+    // ensure id can't be used to traverse into other directories
+    return dirname(getcwd()) . "/data/" . basename($id);
 }
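Review bot: `basename($id)` in the new get_id_base_path strips directory components, so `../` sequences no longer escape `data/`, but it is a sanitizer rather than a validator: an `$id` of `''`, `.` or `..` passes through unchanged and yields file names such as `data/.md` or `data/...md`, which stay inside the data directory only because the callers append an extension. An allow-list check in get_id_base_path would make the intent explicit and independent of the callers, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $id)) { throw new \InvalidArgumentException('invalid id'); }` before the return; it would also reject ids containing NUL bytes, which presumably would otherwise surface as a ValueError from the filesystem call later — worth confirming. Note that `basename()` only treats `\` as a separator on Windows, so the behaviour differs by platform; the allow-list removes that dependency too. The diffstat lists only this file, so other callers of the removed get_data_path() would have shown up in the diff if they existed in share.php; callers in other files, if any, are not visible here. The `}` on the hunk's first line closes get_markdown_content, whose body lies outside the hunk.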