diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-10 21:52:59 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-10 21:52:59 +0000 |
commit | 3306a341fbde5d83258af9ad9031293cd33762d4 (patch) | |
tree | 3d31ec15262c00d2b8d3aad6cdde67be42267307 /etc | |
parent | 0bd546d38f90a5f490f246c1628685b7f3926c48 (diff) | |
download | pfsense-3306a341fbde5d83258af9ad9031293cd33762d4.zip pfsense-3306a341fbde5d83258af9ad9031293cd33762d4.tar.gz |
Limit captive portal uploads to /tmp/captiveportal which has no access to write files.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/system.inc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 64e4a60..74887ca 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -748,11 +748,15 @@ function system_generate_lighty_config($filename, $captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}"; else $captive_portal_mod_evasive = ""; + $server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n"; + exec("mkdir -p /tmp/captiveportal"); + exec("chmod a-w /tmp/captiveportal"); } else { $captive_portal_module = ""; $captive_portal_mod_evasive = ""; + $server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"/tmp/\", \"/var/\" )\n"; } - + if($port <> "") $lighty_port = $port; else @@ -964,7 +968,7 @@ debug.log-file-not-found = "disable" #server.network-backend = "writev" -server.upload-dirs = ( "{$g['upload_path']}/", "/tmp/", "/var/" ) +{$server_upload_dirs} server.max-request-size = 2097152 |