Avoid directory traversal when reading package xml files, also check if file exists before try to read it

author: Renato Botelho <garga@FreeBSD.org> 2014-06-17 10:33:05 -0300
committer: Renato Botelho <garga@FreeBSD.org> 2014-06-17 10:33:18 -0300
commit: 69eb2e295fbbea1ff16d4b20e7e056b70469aad4 (patch)
tree: 580033e26b9719b11b56e8ce917c0ac78535bb9b /usr/local/www/pkg_edit.php
parent: d09ff9ef322608ea8c496121faccd3d778e71e25 (diff)
download: pfsense-69eb2e295fbbea1ff16d4b20e7e056b70469aad4.zip
pfsense-69eb2e295fbbea1ff16d4b20e7e056b70469aad4.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 792ac43..9fb48fc 100644
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -65,9 +65,14 @@ function domTT_title($title_msg){
 $xml = htmlspecialchars($_GET['xml']);
 if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']);
 
-if($xml == "") {
+$xml = basename($xml);
+
+if ($xml == "") {
             print_info_box_np(gettext("ERROR: No package defined."));
             die;
+} else if (!file_exists('/usr/local/pkg/' . $xml)) {
+            print_info_box_np(gettext("ERROR: XML file not found"));
+            die;
 } else {
             $pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
 }
author	Renato Botelho <garga@FreeBSD.org>	2014-06-17 10:33:05 -0300
committer	Renato Botelho <garga@FreeBSD.org>	2014-06-17 10:33:18 -0300
commit	69eb2e295fbbea1ff16d4b20e7e056b70469aad4 (patch)
tree	580033e26b9719b11b56e8ce917c0ac78535bb9b /usr/local/www/pkg_edit.php
parent	d09ff9ef322608ea8c496121faccd3d778e71e25 (diff)
download	pfsense-69eb2e295fbbea1ff16d4b20e7e056b70469aad4.zip pfsense-69eb2e295fbbea1ff16d4b20e7e056b70469aad4.tar.gz