Securing paths in PHP
- by tjm
I'm writing some PHP which takes some paths to different content directories, and uses these to include various parts of pages later. I'm trying to ensure that the paths are as they seem, and none of them break the rules of the application. I have PRIVATEDIR which must lie above DOCUMENT_ROOT (aka) PUBLICDIR. CONTENTDIR which must lie within PRIVATEDIR and not go back below PUBLICDIR and some other *DIR's which must remain within CONTENTDIR. Currently I set up some defaults, and then override the ones the user specifies and then sanity check them with the following.
private function __construct($options) {
error_reporting(0);
if(is_array($options)) {
$this->opts = array_merge($this->opts, $options);
}
if($this->opts['STATUS']==='debug') {
error_reporting(E_ALL | E_NOTICE | E_STRICT);
}
$this->opts['PUBLICDIR'] = realpath($_SERVER['DOCUMENT_ROOT'])
.DIRECTORY_SEPARATOR;
$this->opts['PRIVATEDIR'] = realpath($this->opts['PUBLICDIR']
.$this->opts['PRIVATEDIR'])
.DIRECTORY_SEPARATOR;
$this->opts['CONTENTDIR'] = realpath($this->opts['PRIVATEDIR']
.$this->opts['CONTENTDIR'])
.DIRECTORY_SEPARATOR;
$this->opts['CACHEDIR'] = realpath($this->opts['PRIVATEDIR']
.$this->opts['CACHEDIR'])
.DIRECTORY_SEPARATOR;
$this->opts['ERRORDIR'] = realpath($this->opts['CONTENTDIR']
.$this->opts['ERRORDIR'])
.DIRECTORY_SEPARATOR;
$this->opts['TEMPLATEDIR' = realpath($this->opts['CONTENTDIR']
.$this->opts['TEMPLATEDIR'])
.DIRECTORY_SEPARATOR;
// then here I have to check that PRIVATEDIR is above PUBLICDIR
// and that all the rest remain within private dir and don't drop
// down into (or below) PUBLICDIR again. And die with an error if
// they don't conform.
}
The thing is this seems like a lot of work to do, especially as it must be run, every time a page is accessed, before I can do anything else, e.g check for a cached version of the page I'm serving. Part of me is thinking, since all of these paths are predefined by the maintainer of the site, they SHOULD be aware of what paths they are allowing access to and ensuring they are secure. But, I think I'm thinking that because currently I am said maintainer, and I KNOW my paths conform to the rules. That said, I do want to secure this thing from any accidental errors by future maintainers (and I bet, now I've said above "I KNOW...", probably from myself somewhere down the line). This just feels like a suboptimal solution. I wonder how fast this would really be and what you would suggest to improve it or as an alternative?
Thanks.
