summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-06-17 11:17:15 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-06-17 11:17:15 -0300
commit1cfe54900afbf48a59e672e73b78746ce2731750 (patch)
treeef39c0dcb35972f50171a27ca1723037f6111e5b /usr/local/www
parent73944f68242b4708477054fd4e433fed4bd0cb1b (diff)
downloadpfsense-1cfe54900afbf48a59e672e73b78746ce2731750.zip
pfsense-1cfe54900afbf48a59e672e73b78746ce2731750.tar.gz
Remove . and / from pkg name to avoid directory traversal
Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/pkg_mgr_install.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index 9465153..e547074 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -108,11 +108,11 @@ if ($_POST) {
</tr>
<?php if ((empty($_GET['mode']) && $_GET['id']) || (!empty($_GET['mode']) && (!empty($_GET['pkg']) || $_GET['mode'] == 'reinstallall') && ($_GET['mode'] != 'installedinfo' && $_GET['mode'] != 'showlog'))):
if (empty($_GET['mode']) && $_GET['id']) {
- $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401));
+ $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401));
$pkgmode = 'installed';
} else if (!empty($_GET['mode']) && !empty($_GET['pkg'])) {
- $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
- $pkgmode = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401));
+ $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
+ $pkgmode = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401));
} else if ($_GET['mode'] == 'reinstallall') {
$pkgmode = 'reinstallall';
}
@@ -191,7 +191,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth");
ob_flush();
if ($_GET) {
- $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
+ $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
switch($_GET['mode']) {
case 'showlog':
if (strpos($pkgname, ".")) {
@@ -213,7 +213,7 @@ if ($_GET) {
break;
}
} else if ($_POST) {
- $pkgid = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401));
+ $pkgid = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401));
/* All other cases make changes, so mount rw fs */
conf_mount_rw();
OpenPOWER on IntegriCloud