
I could use some help securing some data transfers, and I'm not familiar with AJAX and PHP. Sorry for any mistakes; happy to receive some more help.

In an AJAX action, users share (send POST) data to a write.php script. The data contains a randomized foldername (shared foldername) and some values that get written to a txt file inside the foldername. The index.html file will get copied to the share-folder and a string replaced with a shared data value. A read.php script gets copied to the share-folder as well, so the values can be computed for other users once they open the index.html inside the share-folder.

I tried to sanitize through regex count and test_input function and setting a basepath. The script works, but I'm not sure if all this is correct and enough protection to prevent malicious attacks. Making and copying folders and files, replacing strings, all this gives me a stomach ache... I'd be happy if someone could suggest edits.

Thanks!

write.php receiving $foldername, $value1, $value2:
```php
<?php

    // Normalize a raw POST value: trim whitespace, strip backslashes,
    // and HTML-encode special characters.
    function test_input($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    if(isset($_POST['foldername'],$_POST['value1'],$_POST['value2'])){

        $foldername = test_input($_POST['foldername']);
        $value1 = test_input($_POST['value1']);
        $value2 = test_input($_POST['value2']);

        // Allowed formats: 10 lowercase letters for the folder, 5 for each value.
        $regex_foldername = "/^([a-z]{10})$/";
        $regex_value1 = "/^([a-z]{5})$/";
        $regex_value2 = "/^([a-z]{5})$/";

        // Count how many of the three fields match their pattern.
        preg_match($regex_foldername, $foldername, $matches);
        $result = count($matches) > 0;
        preg_match($regex_value1, $value1, $matches);
        $result = $result + (count($matches) > 0);
        preg_match($regex_value2, $value2, $matches);
        $result = $result + (count($matches) > 0);

        // Proceed only if all three fields are valid.
        if($result == 3){
            $basepath = '/var/www/abc/basepath/';
            mkdir($basepath . 'share/' . $foldername, 0755);

            $sharepath = $basepath . 'share/' . $foldername . '/';

            // Copy the page and the reader script into the new share folder.
            copy($basepath . "index.html", $sharepath . "index.html");
            copy($basepath . "read.php", $sharepath . "read.php");

            $newindex = $sharepath . "index.html";

            // Replace the placeholder in the copied index.html with value1.
            $oldcodetl = file_get_contents($newindex);
            $strtl = str_replace("no_value_set", $value1,$oldcodetl,$resulttl);
            $myfiletl = fopen($newindex, "w");
            fwrite($myfiletl, $strtl);
            fclose($myfiletl);

            // Append the values to file.txt inside the share folder.
            $file = $sharepath . 'file.txt';
            if (is_readable($file)) {
                file_get_contents($file);
            }
            file_put_contents($file, "$value1;$value2;\n", FILE_APPEND);
        }
    }

    die();
?>
```
  • Store the data in a standard format like JSON. – Barmar May 27 '22 at 22:34
  • **Question**: If an attacker successfully finds the location of the txt (or JSON) file and reads the data inside it, what will happen? – Ken Lee May 27 '22 at 22:54
  • Thanks for the hints. The passed data itself is not sensitive, everyone may read it. I use this approach (https://stackoverflow.com/questions/17426199/jquery-ajax-and-json-format/17426290#17426290 ) before data gets sent. My question is if there is any way an attacker could still change data, traverse paths or something else? – max May 28 '22 at 04:19
  • I adapted @Barmar's suggestion in the above code and added the ajax call. – max May 28 '22 at 08:26
  • Do not edit your question after "suggestions", especially irrelevant ones. Especially ones you misunderstood. Barmar suggested to "store", not "send through ajax". – Your Common Sense May 28 '22 at 08:34
  • This question is actually entirely off topic and belongs on codereview.stackexchange.com – Your Common Sense May 28 '22 at 08:36
  • Your code seems all right, only it's too bloated and therefore hard to read, which makes it hard to review. It should be really only a few lines. – Your Common Sense May 28 '22 at 08:39
  • Thanks for welcoming me lol. Will try to store the json data in txt file (hope that was the correct assumption) and ask someplace else, thanks for your suggestion. – max May 28 '22 at 19:22
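
One way to tighten the handler from the question, as an added example (not the asker's code and not an answer from the thread): it rejects input that fails a fully anchored pattern instead of rewriting it, and refuses to reuse an existing share folder, so a second POST with a known folder name cannot overwrite that folder's index.html. The paths and field formats come from the question; the names `field` and `create_share`, the status codes, and the write-once-per-folder behaviour are assumptions.

```php
<?php
// Added example. Assumption: each share folder is created exactly once.
declare(strict_types=1);

const BASE_PATH = '/var/www/abc/basepath/';   // base path from the question

// Return the POST field only if it is a string that matches $pattern exactly.
// is_string() rejects array input such as foldername[]=x, and \z (unlike $)
// does not tolerate a trailing newline.
function field(string $name, string $pattern): ?string
{
    $v = $_POST[$name] ?? null;
    return (is_string($v) && preg_match($pattern, $v) === 1) ? $v : null;
}

function create_share(string $base, string $folder, string $v1, string $v2): bool
{
    $shareRoot = realpath($base . 'share');
    if ($shareRoot === false) {
        return false;                          // share root is missing
    }
    $dir = $shareRoot . DIRECTORY_SEPARATOR . $folder;
    // mkdir() fails when the folder already exists: treat that as a collision
    // rather than silently writing into someone else's share.
    if (!@mkdir($dir, 0755)) {
        return false;
    }
    // Defence in depth: the new folder must be a direct child of the share root.
    if (dirname((string) realpath($dir)) !== $shareRoot) {
        rmdir($dir);
        return false;
    }
    $html = file_get_contents($base . 'index.html');
    if ($html === false) {
        return false;
    }
    // Encode at the point of output into HTML, not at input time.
    $html = str_replace('no_value_set', htmlspecialchars($v1, ENT_QUOTES, 'UTF-8'), $html);
    return file_put_contents("$dir/index.html", $html, LOCK_EX) !== false
        && copy($base . 'read.php', "$dir/read.php")
        && file_put_contents("$dir/file.txt", "$v1;$v2;\n", LOCK_EX) !== false;
}

$folder = field('foldername', '/\A[a-z]{10}\z/');
$v1     = field('value1', '/\A[a-z]{5}\z/');
$v2     = field('value2', '/\A[a-z]{5}\z/');
if ($folder === null || $v1 === null || $v2 === null) {
    http_response_code(400);                   // invalid or missing field
    exit;
}
http_response_code(create_share(BASE_PATH, $folder, $v1, $v2) ? 201 : 409);
```

With patterns this strict the `htmlspecialchars()` call changes nothing, but it keeps the HTML write safe if the allowed character set is ever widened.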

0 Answers