FIX: Job applicants attachment vulnerability issue. Added index.php f…

…ile in subdirectories
awsmin · Sep 15, 2023 · ad86936 · ad86936
1 parent b8f1e7a
commit ad86936
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/inc/class-awsm-job-openings-form.php b/inc/class-awsm-job-openings-form.php
@@ -33,6 +33,7 @@ public function __construct() {
 		add_action( 'wp_ajax_nopriv_awsm_applicant_form_submission', array( $this, 'ajax_handle' ) );
 
 		add_filter( 'wp_check_filetype_and_ext', array( $this, 'check_filetype_and_ext' ), 10, 5 );
+		add_action( 'add_attachment', array( $this, 'add_index_php_to_folders' ) );
 	}
 
 	public static function init() {
@@ -368,6 +369,21 @@ public function upload_dir( $param ) {
 		return $param;
 	}
 
+	public function add_index_php_to_folders( $attachment_id ) {
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
+		if ( isset( $_POST['action'] ) && $_POST['action'] === 'awsm_applicant_form_submission' ) {
+			$file_path = get_attached_file( $attachment_id );
+			if ( strpos( $file_path, AWSM_JOBS_UPLOAD_DIR_NAME ) !== false ) {
+				$directory_path = dirname( $file_path );
+				$index_php_file = $directory_path . '/index.php';
+				if ( ! file_exists( $index_php_file ) ) {
+					$index_php_content = '<?php\n\n//Silence is golden.\n';
+					file_put_contents( $index_php_file, $index_php_content );
+				}
+			}
+		}
+	}
+
 	public function hashed_file_name( $dir, $name, $ext ) {
 		$file_name = hash( 'sha1', ( $name . uniqid( (string) rand(), true ) ) ) . time();
 		return sanitize_file_name( $file_name . $ext );

diff --git a/wp-job-openings.php b/wp-job-openings.php
@@ -78,6 +78,7 @@ public function __construct() {
 		}
 
 		add_action( 'plugins_loaded', array( $this, 'load_textdomain' ) );
+		add_action( 'plugins_loaded', array( $this, 'upgrade' ) );
 		add_action( 'after_setup_theme', array( $this, 'template_functions' ) );
 		add_action( 'init', array( $this, 'init_actions' ) );
 		add_action( 'wp_head', array( $this, 'awsm_wp_head' ) );
@@ -186,6 +187,27 @@ public function load_textdomain() {
 		load_plugin_textdomain( 'wp-job-openings', false, basename( dirname( __FILE__ ) ) . '/languages' );
 	}
 
+	public function upgrade() {
+		if ( intval( get_option( 'awsm_jobs_upgrade_count' ) ) !== 1 ) {
+			$upload_dir = wp_upload_dir();
+			$base_dir   = trailingslashit( $upload_dir['basedir'] );
+			$upload_dir = $base_dir . AWSM_JOBS_UPLOAD_DIR_NAME;
+			$this->index_to_upload_dir( $upload_dir );
+			update_option( 'awsm_jobs_upgrade_count', 1 );
+		}
+	}
+
+	public function index_to_upload_dir( $dir ) {
+		$index_file = $dir . '/index.php';
+		if ( ! file_exists( $index_file ) ) {
+			file_put_contents( $index_file, "<?php\n\n//Silence is golden.\n" );
+		}
+		$sub_dirs = array_filter( glob( $dir . '/*' ), 'is_dir' );
+		foreach ( $sub_dirs as $sub_dir ) {
+			$this->index_to_upload_dir( $sub_dir );
+		}
+	}
+
 	public function template_functions() {
 		include_once AWSM_JOBS_PLUGIN_DIR . '/inc/template-functions.php';
 	}