author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 10:33:05 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 10:33:18 -0300 |
commit | 69eb2e295fbbea1ff16d4b20e7e056b70469aad4 (patch) | |
tree | 580033e26b9719b11b56e8ce917c0ac78535bb9b | |
parent | d09ff9ef322608ea8c496121faccd3d778e71e25 (diff) | |
download | pfsense-69eb2e295fbbea1ff16d4b20e7e056b70469aad4.zip pfsense-69eb2e295fbbea1ff16d4b20e7e056b70469aad4.tar.gz |
Avoid directory traversal when reading package xml files, also check if file exists before try to read it
-rw-r--r-- | usr/local/www/pkg_edit.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 792ac43..9fb48fc 100644
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -65,9 +65,14 @@ function domTT_title($title_msg){
 $xml = htmlspecialchars($_GET['xml']);
 if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']);
-if($xml == "") {
+$xml = basename($xml);
+
+if ($xml == "") {
 print_info_box_np(gettext("ERROR: No package defined."));
 die;
+} else if (!file_exists('/usr/local/pkg/' . $xml)) {
+ print_info_box_np(gettext("ERROR: XML file not found"));
+ die;
 } else {
 $pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
 } |
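Review bot: The new `file_exists('/usr/local/pkg/' . $xml)` check is satisfied by directories as well as files, and `basename()` passes `.` and `..` through unchanged, so a value that reduces to `..` still reaches `parse_xml_config_pkg()` with a directory path instead of the "XML file not found" branch; `} else if (!is_file('/usr/local/pkg/' . $xml)) {` closes that gap, and an explicit reject of `$xml === '.' || $xml === '..'` next to the empty-string test would make the intent obvious to the next reader. Note that `basename()` runs after `htmlspecialchars()`, so a package name containing `&` or a quote would already be rewritten to an entity before the lookup and the existence check would then fail for a legitimate file — that is pre-existing, but worth a comment such as `// NOTE: $xml has been entity-escaped above; file names containing &, <, >, " or ' will not resolve`. For consistency with the sibling message, the new text should read `ERROR: XML file not found.`. This hunk is file-level code following `domTT_title()`, not inside a function.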