| Field | Value | Date |
|---|---|---|
| author | jim-p <jimp@pfsense.org> | 2015-09-28 13:44:48 -0400 |
| committer | jim-p <jimp@pfsense.org> | 2015-09-28 13:44:48 -0400 |
| commit | 3b63506685babe9d7ea45212889a00700be4c917 (patch) | |
| tree | 04b572624f6194aa0c88c378719976cb2cac8163 /src | |
| parent | f8cc55bfffc33ffe02c1cc06a702d27064d54b93 (diff) | |
| download | pfsense-3b63506685babe9d7ea45212889a00700be4c917.zip, pfsense-3b63506685babe9d7ea45212889a00700be4c917.tar.gz | |
Ensure this only contains a partial name, not a path, before attempting to craft a full name and read the file. Fixes #5203.
Diffstat (limited to 'src')
-rw-r--r-- | src/usr/local/www/diag_confbak.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/usr/local/www/diag_confbak.php b/src/usr/local/www/diag_confbak.php index b048f5e..c74f28f 100644 --- a/src/usr/local/www/diag_confbak.php +++ b/src/usr/local/www/diag_confbak.php @@ -75,6 +75,7 @@ if (isset($_POST['backupcount'])) { } if ($_GET['getcfg'] != "") { + $_GET['getcfg'] = basename($_GET['getcfg']); $file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml'; $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml"); |
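Review bot: `basename()` on `$_GET['getcfg']` strips directory components, which closes the path-traversal hole the commit message refers to, but it still accepts any other characters, and the very next line builds `$file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml'` from it and reads that file. Consider additionally validating that the value matches the format of the backup names this page actually lists (or that the resolved `$file` exists and lies under `$g['conf_path'] . '/backup/'`) before opening it, so the check is an allow-list rather than a single sanitization step, and add a one-line comment referencing #5203 above the `basename()` call so a later cleanup does not drop it. Minor: `if ($_GET['getcfg'] != "")` dereferences the key without `isset()`, so a request that omits the parameter raises an undefined-index notice; `if (!empty($_GET['getcfg']))` covers both cases. Rewriting `$_GET['getcfg']` in place is fine here since `$exp_name` on the following line then uses the same sanitized value for the download filename.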