* [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice

* [FIX] Bugfixed resource includes

CHANGELOG

@@ -1,3 +1,8 @@
+=== ** v1.2.0.21 ===
+
+* [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice
+* [FIX] Bugfixed resource includes
+
 === ** v1.2.0.20 ===
 
 * [FIX] Critical bugfix that prevents directory traversal in JS/CSS includes. Thanks to Jan Van for the notice

CHANGELOG-ES

@@ -1,3 +1,8 @@
+=== ** v1.2.0.21 ===
+
+* [FIX] Corrección de fallo crítico que previene la transversión de directorios en la inclusión de archivos JS/CSS. Gracias a Jav Van por el aviso
+* [FIX] Corrección de la inclusión de recursos
+
 === ** v1.2.0.20 ===
 
 * [FIX] Corrección de fallo crítico que previene la transversión de directorios en la inclusión de archivos JS/CSS. Gracias a Jav Van por el aviso

css/css.php

@@ -52,7 +52,7 @@ if (!$file) {
 
     $Minify = new Minify();
     $Minify->setType(Minify::FILETYPE_CSS);
-    $Minify->setBase(urldecode($base));
+    $Minify->setBase(urldecode($base), true);
     $Minify->addFile(urldecode($file));
     $Minify->getMinified();
 }

inc/Base.php

@@ -25,6 +25,7 @@
 
 defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
 
+define('BASE_DIR', __DIR__);
 define('CONFIG_FILE', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'config.php');
 define('MODEL_PATH', __DIR__);
 define('CONTROLLER_PATH', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'web');

inc/Minify.class.php

@@ -63,10 +63,11 @@ class Minify
 
     /**
      * @param string $base
+     * @param bool   $checkPath
      */
-    public function setBase($base)
+    public function setBase($base, $checkPath = false)
     {
-        $this->_base = Request::getSecureAppPath($base);
+        $this->_base = $checkPath === true ? Request::getSecureAppPath($base) : $base;
     }
 
 

inc/Util.class.php

@@ -304,7 +304,7 @@ class Util
      */
     public static function curlIsAvailable()
     {
-        return (function_exists('curl_init'));
+        return function_exists('curl_init');
     }
 
     /**
@@ -315,7 +315,7 @@ class Util
      */
     public static function getVersion($retBuild = false)
     {
-        $version = array(1, 2, 0, '20');
+        $version = array(1, 2, 0, '21');
 
         if (!$retBuild) {
             array_pop($version);
@@ -338,9 +338,9 @@ class Util
      */
     public static function getMaxUpload()
     {
-        $max_upload = (int)(ini_get('upload_max_filesize'));
-        $max_post = (int)(ini_get('post_max_size'));
-        $memory_limit = (int)(ini_get('memory_limit'));
+        $max_upload = (int)ini_get('upload_max_filesize');
+        $max_post = (int)ini_get('post_max_size');
+        $memory_limit = (int)ini_get('memory_limit');
         $upload_mb = min($max_upload, $max_post, $memory_limit);
 
         Log::writeNewLog(__FUNCTION__, "Max. PHP upload: " . $upload_mb . "MB");

inc/themes/material-blue/js/functions.min.js

@@ -1,5 +1,5 @@
 var $jscomp={scope:{},findInternal:function(a,f,b){a instanceof String&&(a=String(a));for(var d=a.length,c=0;c<d;c++){var k=a[c];if(f.call(b,k,c,a))return{i:c,v:k}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(a,f,b){if(b.get||b.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[f]=b.value)};
-$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global&&null!=global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,f,b,d){if(f){b=$jscomp.global;a=a.split(".");for(d=0;d<a.length-1;d++){var c=a[d];c in b||(b[c]={});b=b[c]}a=a[a.length-1];d=b[a];f=f(d);f!=d&&null!=f&&$jscomp.defineProperty(b,a,{configurable:!0,writable:!0,value:f})}};
+$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,f,b,d){if(f){b=$jscomp.global;a=a.split(".");for(d=0;d<a.length-1;d++){var c=a[d];c in b||(b[c]={});b=b[c]}a=a[a.length-1];d=b[a];f=f(d);f!=d&&null!=f&&$jscomp.defineProperty(b,a,{configurable:!0,writable:!0,value:f})}};
 $jscomp.polyfill("Array.prototype.find",function(a){return a?a:function(a,b){return $jscomp.findInternal(this,a,b).v}},"es6-impl","es3");
 sysPass.Util.Theme=function(a){var f=sysPass.Util.Common,b=f.passwordData,d=f.LANG,c=function(){a("#wrap-loading").show();a("#loading").addClass("is-active")},k=function(){a("#wrap-loading").hide();a("#loading").removeClass("is-active")},m=function(){a(".active-tooltip").tooltip({content:function(){return a(this).attr("title")},tooltipClass:"tooltip"})},n=function(g,e,l,c){e=0;g="";for(var h;e<b.complexity.numlength;){h=Math.floor(100*Math.random())%94+33;if(!b.complexity.symbols){if(33<=h&&47>=h)continue;
 if(58<=h&&64>=h)continue;if(91<=h&&96>=h)continue;if(123<=h&&126>=h)continue}!b.complexity.numbers&&48<=h&&57>=h||!b.complexity.uppercase&&65<=h&&90>=h||(e++,g+=String.fromCharCode(h))}!0===l?a("#viewPass").attr("title",g):alertify.alert('<div id="alert"><p id="alert-text">'+d[6]+'</p><p id="alert-pass"> '+g+"</p>");e=zxcvbn(g);b.passLength=g.length;c?(l=a("#"+c).parent(),f.outputResult(e.score,c),e=new MaterialTextfield,l.find("input:password").val(g),l.addClass(e.CssClasses_.IS_DIRTY).removeClass(e.CssClasses_.IS_INVALID),

js/js.php

@@ -54,7 +54,7 @@ if (!$file) {
 
     $Minify = new Minify();
     $Minify->setType(Minify::FILETYPE_JS);
-    $Minify->setBase(urldecode($base));
+    $Minify->setBase(urldecode($base), true);
     $Minify->addFile(urldecode($file));
     $Minify->getMinified();
 }