author | Scott Ullrich <sullrich@gmail.com> | 2011-09-25 23:04:43 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@gmail.com> | 2011-09-25 23:04:43 -0400 |
commit | 9249074503d88b1dd2d6d606d2f71257a1ad6419 (patch) | |
tree | 2bc103ecfe427c984e4db2fc5c5bb4c4a35be1b1 /usr/local | |
parent | f54a278cd386cd510e32320af859c23ade413ddd (diff) | |
download | pfsense-9249074503d88b1dd2d6d606d2f71257a1ad6419.zip pfsense-9249074503d88b1dd2d6d606d2f71257a1ad6419.tar.gz |
Use escapeshellcmd
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/system_firmware_restorefullbackup.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/system_firmware_restorefullbackup.php b/usr/local/www/system_firmware_restorefullbackup.php
index bd98241..6d39829 100755
--- a/usr/local/www/system_firmware_restorefullbackup.php
+++ b/usr/local/www/system_firmware_restorefullbackup.php
@@ -66,9 +66,9 @@ if($_GET['downloadbackup']) {
 session_cache_limiter('public');
 $fd = fopen($filename, "rb");
 header("Content-Type: application/octet-stream");
- header("Content-Length: " . filesize("/root/" . $filename));
+ header("Content-Length: " . filesize("/root/" . escapeshellcmd($filename)));
 header("Content-Disposition: attachment; filename=\"" .
- trim(htmlentities(basename("/root/" .$filename))) . "\"");
+ trim(htmlentities(basename("/root/" . escapeshellcmd($filename)))) . "\"");
 if (isset($_SERVER['HTTPS'])) {
 header('Pragma: ');
 header('Cache-Control: '); |
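Review bot: `escapeshellcmd()` is the wrong control for the two added calls, because `filesize()` and `basename()` are filesystem functions and no shell is involved. It only backslash-escapes shell metacharacters and leaves `/` and `..` untouched, so the path is not constrained to `/root/`, and the context line `fopen($filename, "rb")` still opens the raw value. The escaped string can also differ from the name actually opened, which would make `Content-Length` wrong or empty for a name containing such characters. Where `$filename` is assigned lies outside this hunk; if it derives from the request, reduce it once with `$filename = basename($filename);`, reject anything that is not an expected backup file name, and build a single `$path = "/root/" . $filename;` that `fopen()`, `filesize()` and the `Content-Disposition` header all use.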