Limit captive portal uploads to /tmp/captiveportal which has no access to write files.

1 files changed, 6 insertions, 2 deletions

diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 64e4a60..74887ca 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -748,11 +748,15 @@ function system_generate_lighty_config($filename,
 			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
 		else
 			$captive_portal_mod_evasive = "";
+		$server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n";
+		exec("mkdir -p /tmp/captiveportal");
+		exec("chmod a-w /tmp/captiveportal");
 	} else {
 		$captive_portal_module = "";
 		$captive_portal_mod_evasive = "";
+		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"/tmp/\", \"/var/\" )\n";
 	}
-
+	
 	if($port <> "")
 		$lighty_port = $port;
 	else
@@ -964,7 +968,7 @@ debug.log-file-not-found   = "disable"
 
 #server.network-backend = "writev"
 
-server.upload-dirs = ( "{$g['upload_path']}/", "/tmp/", "/var/" )
+{$server_upload_dirs}
 
 server.max-request-size = 2097152