
Are There Security Risks of Path Traversal Attacks When Using the show_source Function? How to Prevent Them?

gitbox 2025-06-10

In PHP, the show_source() function (also known as highlight_file()) is used to display the source code of a specified file with syntax highlighting. It is commonly used for debugging or showcasing code snippets. However, if the input path is not strictly validated when calling show_source(), it may lead to path traversal attacks, which can expose sensitive files and create serious security vulnerabilities.

What is a Path Traversal Attack?

A path traversal attack occurs when an attacker manipulates the file path parameter to access files on the server that should not be publicly available. Attackers typically use directory traversal symbols like ../ to bypass access restrictions and read sensitive system files (such as /etc/passwd, configuration files, database connection details, etc.), resulting in information leakage.

Security Risks in the show_source Function

Example code:

If the value of $_GET['file'] is passed to show_source() without filtering, an attacker can read any file the web server process has permission to read, through a request like:

http://gitbox.net/script.php?file=../../../../etc/passwd

This will cause the server to directly output the content of the /etc/passwd file, leading to severe information leakage.

How to Prevent Path Traversal Attacks?

  1. Restrict Access to a Specific Directory
    Only allow files within a predefined directory to be accessed. For example, define the allowed directory as /var/www/html/sources/, and ensure every request resolves to a file inside this directory.

  2. Filter and Validate Input

    • Use the basename() function to remove directory information from the path.

    • Use realpath() to resolve the actual file path (including symlinks and ../ segments), and check that the resolved path is located within the designated directory.

    • Confirm the file exists and is a regular file.

  3. Disable Direct User Input of Paths
    Prefer using a predefined list of files or an ID mapping table to determine which files to display, instead of allowing users to pass file paths directly.

  4. Disable Source Code Display in Production
    Avoid exposing source code display functionality in production environments, or set permission restrictions to prevent unauthorized access.
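The following is an added example, not code from the original article: it shows the unfiltered pattern described in the "Security Risks" section next to a hardened handler that applies the four recommendations above. The directory /var/www/html/sources/ comes from the article; the script name, the APP_ENV environment variable, the id parameter and the entries in the ID mapping table are assumptions made for the example.

```php
<?php
// Added example (not from the original article).
// Assumed: this file is served as script.php; APP_ENV marks production;
// the allow-list entries below are placeholders.

// Unsafe pattern the article warns about: the query parameter reaches
// show_source() without any validation, so a value such as
// ../../../../etc/passwd walks out of the intended directory.
function show_unsafe(): void
{
    show_source($_GET['file']);
}

// Recommendation 1: a single base directory for displayable sources.
const SOURCE_DIR = '/var/www/html/sources';

// Recommendation 3: an ID mapping table; the client never sends a path.
// (Assumed entries for the example.)
const SOURCE_FILES = [
    'helpers' => 'helpers.php',
    'router'  => 'router.php',
];

// Map a display id to a verified absolute path, or null if it must be refused.
function resolve_source(string $id): ?string
{
    if (!array_key_exists($id, SOURCE_FILES)) {
        return null;                           // unknown id: refuse
    }

    // Recommendation 2a: basename() strips any directory component, so even
    // a table entry containing '../' or a leading '/' cannot leave SOURCE_DIR.
    $name = basename(SOURCE_FILES[$id]);

    // Recommendation 2b: realpath() resolves symlinks and '..' segments and
    // returns false when the path does not exist.
    $base = realpath(SOURCE_DIR);
    $real = realpath(SOURCE_DIR . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $real === false) {
        return null;                           // directory or file missing
    }

    // The resolved path must sit inside the base directory. Compare with a
    // trailing separator so that a sibling such as /var/www/html/sources-old
    // does not pass a plain prefix check.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Recommendation 2c: must be a regular, readable file (not a directory).
    if (!is_file($real) || !is_readable($real)) {
        return null;
    }
    return $real;
}

function show_safe(): void
{
    // Recommendation 4: no source display at all in production.
    if (getenv('APP_ENV') === 'production') {
        http_response_code(404);
        return;
    }

    $id   = (string) ($_GET['id'] ?? '');
    $path = resolve_source($id);
    if ($path === null) {
        http_response_code(404);
        echo 'Not found';
        return;
    }
    show_source($path);
}

show_safe();
```

With this handler a request such as script.php?id=helpers displays /var/www/html/sources/helpers.php, while any id that is not in the table, any entry whose resolved path lands outside /var/www/html/sources/, and any non-regular file all produce a 404 instead of file contents. The id-to-file table removes the path parameter entirely, so the basename() and realpath() checks act as a second layer rather than the only defence.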

Conclusion

The show_source() function itself has no inherent security vulnerability, but careless handling of input paths can easily lead to path traversal attacks and expose sensitive server information. The key to prevention lies in strictly validating user input, restricting the set of files that can be accessed, and never passing user-controlled arbitrary paths to the function. Implementing the measures above effectively prevents path traversal attacks through show_source() and helps keep the system secure.