authorRenato Botelho <garga@FreeBSD.org>2014-06-17 13:46:01 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-06-17 13:47:46 -0300
commit62480a449efcbce74a48fbe7064193acd0290650 (patch)
treea15931bbb34f5d923c32c6ffaeb789c678517c2e /usr/local
parent7be297a2cea1957f969e0bf95df93e993958016f (diff)
downloadpfsense-62480a449efcbce74a48fbe7064193acd0290650.zip
pfsense-62480a449efcbce74a48fbe7064193acd0290650.tar.gz
Avoid directory traversal on restorefullbackup
Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/www/system_firmware_restorefullbackup.php4
1 files changed, 2 insertions, 2 deletions
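diff --git a/usr/local/www/system_firmware_restorefullbackup.php b/usr/local/www/system_firmware_restorefullbackup.php
index d671fc2..6fa7041 100755
--- a/usr/local/www/system_firmware_restorefullbackup.php
+++ b/usr/local/www/system_firmware_restorefullbackup.php
@@ -59,9 +59,9 @@ if($_GET['backupnow'])
 mwexec_bg("/etc/rc.create_full_backup");
 if($_GET['downloadbackup']) {
-$filename = $_GET['downloadbackup'];
+$filename = basename($_GET['downloadbackup']);
 $path = "/root/{$filename}";
-if(file_exists("/root/{$filename}")) {
+if(file_exists($path)) {
 session_write_close();
 ob_end_clean();
 session_cache_limiter('public');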
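Review bot: The guard on the `if(file_exists($path))` line still accepts directories, so even with the new basename() call a value such as `.`, `..` or `/` (basename() yields `.`, `..` or an empty string for these) makes $path resolve to /root or its parent, file_exists() returns true, and the send logic after the check runs against a directory; `if(is_file($path)) {` would reject that. basename() also only confines the lookup to /root without limiting which entries there may be fetched, so any regular file directly under /root, dotfiles included, stays downloadable by name; checking $filename against the archive naming that /etc/rc.create_full_backup produces (not visible here) before the is_file() test would narrow it to real backups. The if block and the download code it guards continue past the end of the hunk.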