kharissulistiyo · November 21, 2024 14:13
diff --git a/bad-code-sample-directory-traversal-vulnerability.php b/bad-code-sample-directory-traversal-vulnerability.php
 <?php

  function alm_get_layout() {
    $form_data = filter_input_array( INPUT_GET );

    if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $form_data['nonce'] ) ) {
      // Bail early if missing WP capabilities or nonce.
      wp_die( esc_attr__( 'You don\'t belong here.', 'ajax-load-more' ) );
    }

    if ( ! wp_verify_nonce( $form_data['nonce'], 'alm_repeater_nonce' ) ) {
      // Verify nonce.
      wp_die( esc_attr__( 'Error - unable to verify nonce, please try again.', 'ajax-load-more' ) );
    }

    $type   = sanitize_text_field( $form_data['type'] );
    $custom = sanitize_text_field( $form_data['custom'] );

    if ( $type === 'default' ) { // Default Layout.
      $path = ALM_PATH . 'admin/includes/layout/' . $type . '.php';

      // Security checker.
      // Note: Confirm directory path does not contain relative path.
      if ( false !== strpos( $path, './' ) ) {
        wp_die( esc_attr__( 'This doesn\'t look right, what are you trying to do?', 'ajax-load-more' ) );
      }

      $content = AjaxLoadMore::alm_get_default_repeater_markup();

    } else {
      if ( $custom === 'true' ) {
        // Custom Layout.
        $dir = 'alm_layouts';
        if ( is_child_theme() ) {
          $path = get_stylesheet_directory() . '/' . $dir . '/' . $type;
          // if child theme does not have the layout, check the parent theme.
          if ( ! file_exists( $path ) ) {
            $path = get_template_directory() . '/' . $dir . '/' . $type;
          }
        } else {
          $path = get_template_directory() . '/' . $dir . '/' . $type;
        }

        // Security checker.
        // Note: Confirm directory path does not contain relative path.
        if ( false !== strpos( $path, './' ) ) {
          wp_die();
        }

        // phpcs:ignore
        $content = file_get_contents( $path );

      } else {
        // Layouts Add-on.
        $path = ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php';

        // Security checker.
        // Note: Confirm directory path does not contain relative path.
        if ( false !== strpos( $path, './' ) ) {
          wp_die();
        }
        // phpcs:ignore
        $content = file_get_contents( ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php' );
      }
    }

    $return['value'] = $content;
    echo wp_json_encode( $return );
    wp_die();
  }
	<?php

	function alm_get_layout() {
	$form_data = filter_input_array( INPUT_GET );

	if ( ! current_user_can( 'edit_theme_options' ) \|\| ! isset( $form_data['nonce'] ) ) {
	// Bail early if missing WP capabilities or nonce.
	wp_die( esc_attr__( 'You don\'t belong here.', 'ajax-load-more' ) );
	}

	if ( ! wp_verify_nonce( $form_data['nonce'], 'alm_repeater_nonce' ) ) {
	// Verify nonce.
	wp_die( esc_attr__( 'Error - unable to verify nonce, please try again.', 'ajax-load-more' ) );
	}

	$type = sanitize_text_field( $form_data['type'] );
	$custom = sanitize_text_field( $form_data['custom'] );

	if ( $type === 'default' ) { // Default Layout.
	$path = ALM_PATH . 'admin/includes/layout/' . $type . '.php';

	// Security checker.
	// Note: Confirm directory path does not contain relative path.
	if ( false !== strpos( $path, './' ) ) {
	wp_die( esc_attr__( 'This doesn\'t look right, what are you trying to do?', 'ajax-load-more' ) );
	}

	$content = AjaxLoadMore::alm_get_default_repeater_markup();

	} else {
	if ( $custom === 'true' ) {
	// Custom Layout.
	$dir = 'alm_layouts';
	if ( is_child_theme() ) {
	$path = get_stylesheet_directory() . '/' . $dir . '/' . $type;
	// if child theme does not have the layout, check the parent theme.
	if ( ! file_exists( $path ) ) {
	$path = get_template_directory() . '/' . $dir . '/' . $type;
	}
	} else {
	$path = get_template_directory() . '/' . $dir . '/' . $type;
	}

	// Security checker.
	// Note: Confirm directory path does not contain relative path.
	if ( false !== strpos( $path, './' ) ) {
	wp_die();
	}

	// phpcs:ignore
	$content = file_get_contents( $path );

	} else {
	// Layouts Add-on.
	$path = ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php';

	// Security checker.
	// Note: Confirm directory path does not contain relative path.
	if ( false !== strpos( $path, './' ) ) {
	wp_die();
	}
	// phpcs:ignore
	$content = file_get_contents( ALM_LAYOUTS_PATH . 'layouts/' . $type . '.php' );
	}
	}

	$return['value'] = $content;
	echo wp_json_encode( $return );
	wp_die();
	}