// _DIST is assumed to be an application-root constant defined elsewhere in the project.
class TemplateController
{
    public function get(string $template): string
    {
        // $template comes straight from the request and is concatenated into the path unchecked.
        return file_get_contents(_DIST . '/resources/templates/' . $template . '.html');
    }
}

I use $_GET or a direct argument in the address bar to import a template from a SPA application. Can this cause problems?

I use quotes around the input to run commands to access inaccessible files, etc.

HYAR7E
이장희

1 Answer

It would be possible for someone to pass a value to the $template variable that uses ../ or / to navigate out of the directory you have set in the parameter.

In theory they could navigate up to more vulnerable directories and access files you don't want them to. I would say the best approach to secure against that would be to validate the input string for ../ or /. If you know the file name will never have any . or / characters in it, you could throw a validation error for any string containing any . or / characters.

On top of that, following best practices around setting up your users and permissions on your production server will help to protect you. This thread offers some useful help there: How to set up file permissions for Laravel?

Other than that I can't think of any other vulnerabilities... anyone else?

Jon White
  • Updated answer with some helpful stuff on best practices around file permissions on your server. Well worth being sure you've got that right too. – Jon White Dec 21 '19 at 19:02
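Added example, not code from the question or the answer above: the asker's controller side by side with a hardened version, run against a constructed traversal payload. It assumes _DIST is a plain directory path (the question never defines it) and points it at a scratch directory so the script runs stand-alone; the "home" and "admin/dashboard" files are constructed for the demonstration. The hardened version uses an allowlist (letters, digits, dash, underscore) rather than the answer's deny-list of . and /, and then checks the realpath() result for containment as defence in depth.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original question or answer. _DIST is the
// application-root constant the question refers to; it is assumed to be a
// plain directory path and is pointed at a scratch directory here so the
// script runs stand-alone.
define('_DIST', sys_get_temp_dir() . '/tpl-demo-' . getmypid());

$templateDir = _DIST . '/resources/templates';
mkdir($templateDir, 0700, true);
mkdir(_DIST . '/admin', 0700, true);
file_put_contents($templateDir . '/home.html', "<h1>home</h1>\n");
// Constructed file outside the template directory that must stay unreadable
// through the template endpoint.
file_put_contents(_DIST . '/admin/dashboard.html', "<h1>ADMIN ONLY</h1>\n");

// The controller from the question: the user-controlled name is concatenated
// into the path unchecked, so "../" walks out of the template directory.
class VulnerableTemplateController
{
    public function get(string $template): string
    {
        return file_get_contents(_DIST . '/resources/templates/' . $template . '.html');
    }
}

// Hardened version: allowlist the name, then confirm the resolved path is
// still inside the template directory before reading.
class SafeTemplateController
{
    private string $baseDir;

    public function __construct(string $baseDir)
    {
        $real = realpath($baseDir);
        if ($real === false) {
            throw new RuntimeException('template directory does not exist');
        }
        $this->baseDir = $real;
    }

    public function get(string $template): string
    {
        // 1. Allowlist rather than denylist: letters, digits, dash and
        //    underscore only. This rejects '.', '/', '\' and NUL up front.
        //    (PHP has already URL-decoded $_GET, so "..%2F" arrives as "../"
        //    and is caught by the same rule.)
        if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $template)) {
            throw new InvalidArgumentException('invalid template name');
        }

        // 2. Canonicalise and confirm containment, as defence in depth
        //    against symlinks or a later loosening of the allowlist.
        $path = realpath($this->baseDir . '/' . $template . '.html');
        if ($path === false || strpos($path, $this->baseDir . DIRECTORY_SEPARATOR) !== 0) {
            throw new RuntimeException('template not found');
        }

        return file_get_contents($path);
    }
}

$vulnerable = new VulnerableTemplateController();
$safe       = new SafeTemplateController($templateDir);

// Constructed inputs: one legitimate name and one traversal payload. The
// appended ".html" limits the original code to reading .html files, but any
// such file under or above _DIST is reachable with enough "../" segments.
foreach (['home', '../../admin/dashboard'] as $name) {
    printf("vulnerable(%s): %s", $name, $vulnerable->get($name));
    try {
        printf("safe(%s): %s", $name, $safe->get($name));
    } catch (Exception $e) {
        printf("safe(%s): rejected (%s)\n", $name, $e->getMessage());
    }
}

// Remove the scratch directory again.
unlink($templateDir . '/home.html');
unlink(_DIST . '/admin/dashboard.html');
rmdir($templateDir);
rmdir(_DIST . '/resources');
rmdir(_DIST . '/admin');
rmdir(_DIST);
```

Run with `php traversal-demo.php`: the vulnerable controller returns the admin file for the traversal input, while the hardened one rejects it at the allowlist and serves only "home". Note the caveat the appended extension implies: the original code can only read files ending in .html, which narrows but does not remove the exposure, and the realpath() containment check is what protects you if the allowlist is ever relaxed to permit subdirectories.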