James Cole
3 years ago
No known key found for this signature in database
GPG Key ID: B49A324B7EAD6D80
6 changed files with
8 additions and
8 deletions
-
.ci/.env.ci
-
.env.example
-
app/Console/Commands/AutoImport.php
-
app/Console/Commands/Import.php
-
app/Console/HaveAccess.php
-
config/importer.php
|
|
|
@ -108,7 +108,7 @@ CAN_POST_FILES=false |
|
|
|
# |
|
|
|
# This variable can be set from a file if you append it with _FILE |
|
|
|
# |
|
|
|
IMPORT_DIR_WHITELIST= |
|
|
|
IMPORT_DIR_ALLOWLIST= |
|
|
|
|
|
|
|
# |
|
|
|
# When you're running Firefly III under a (self-signed) certificate, |
|
|
|
|
|
|
|
@ -114,7 +114,7 @@ CAN_POST_FILES=false |
|
|
|
# |
|
|
|
# This variable can be set from a file if you append it with _FILE |
|
|
|
# |
|
|
|
IMPORT_DIR_WHITELIST= |
|
|
|
IMPORT_DIR_ALLOWLIST= |
|
|
|
|
|
|
|
# |
|
|
|
# When you're running Firefly III under a (self-signed) certificate, |
|
|
|
|
|
|
|
@ -69,7 +69,7 @@ class AutoImport extends Command |
|
|
|
$argument = (string)($this->argument('directory') ?? './'); |
|
|
|
$directory = realpath($argument); |
|
|
|
if (!$this->isAllowedPath($directory)) { |
|
|
|
$this->error(sprintf('Path "%s" is not in the list of allowed paths (IMPORT_DIR_WHITELIST).', $directory)); |
|
|
|
$this->error(sprintf('Path "%s" is not in the list of allowed paths (IMPORT_DIR_ALLOWLIST).', $directory)); |
|
|
|
|
|
|
|
return 1; |
|
|
|
} |
|
|
|
|
|
|
|
@ -81,7 +81,7 @@ class Import extends Command |
|
|
|
if ('' !== $config) { |
|
|
|
$directory = dirname($config); |
|
|
|
if (!$this->isAllowedPath($directory)) { |
|
|
|
$this->error(sprintf('Path "%s" is not in the list of allowed paths (IMPORT_DIR_WHITELIST).', $directory)); |
|
|
|
$this->error(sprintf('Path "%s" is not in the list of allowed paths (IMPORT_DIR_ALLOWLIST).', $directory)); |
|
|
|
|
|
|
|
return 1; |
|
|
|
} |
|
|
|
@ -89,7 +89,7 @@ class Import extends Command |
|
|
|
if ('' !== $file) { |
|
|
|
$directory = dirname($file); |
|
|
|
if (!$this->isAllowedPath($directory)) { |
|
|
|
$this->error(sprintf('Path "%s" is not in the list of allowed paths (IMPORT_DIR_WHITELIST).', $directory)); |
|
|
|
$this->error(sprintf('Path "%s" is not in the list of allowed paths (IMPORT_DIR_ALLOWLIST).', $directory)); |
|
|
|
|
|
|
|
return 1; |
|
|
|
} |
|
|
|
|
|
|
|
@ -70,8 +70,8 @@ trait HaveAccess |
|
|
|
*/ |
|
|
|
private function isAllowedPath(string $path): bool |
|
|
|
{ |
|
|
|
$error = 'No valid paths in IMPORT_DIR_WHITELIST, cannot continue.'; |
|
|
|
$paths = config('importer.import_dir_whitelist'); |
|
|
|
$error = 'No valid paths in IMPORT_DIR_ALLOWLIST, cannot continue.'; |
|
|
|
$paths = config('importer.IMPORT_DIR_ALLOWLIST'); |
|
|
|
if (null === $paths) { |
|
|
|
$this->warn($error); |
|
|
|
|
|
|
|
|
|
|
|
@ -30,7 +30,7 @@ return [ |
|
|
|
'nordigen' => 'Nordigen', |
|
|
|
'spectre' => 'Spectre', |
|
|
|
], |
|
|
|
'import_dir_whitelist' => explode(',', env('IMPORT_DIR_WHITELIST', '')), |
|
|
|
'import_dir_allowlist' => explode(',', env('IMPORT_DIR_ALLOWLIST', '')), |
|
|
|
'auto_import_secret' => env('AUTO_IMPORT_SECRET', ''), |
|
|
|
'can_post_autoimport' => env('CAN_POST_AUTOIMPORT', false), |
|
|
|
'can_post_files' => env('CAN_POST_FILES', false), |
|
|
|
|
