author | jim-p <jimp@pfsense.org> | 2015-09-28 13:46:58 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-09-28 13:46:58 -0400 |
commit | 635ee4eb05b2ca97b3b7e4a909f5d01d57563c3a (patch) | |
tree | 8ef8d33be879f8d5c62d1bca12b6f504c9b0477a /usr/local | |
parent | a5bf7adb7bebefbfcae1ab6c1d075ef390cc0b77 (diff) | |
download | pfsense-635ee4eb05b2ca97b3b7e4a909f5d01d57563c3a.zip pfsense-635ee4eb05b2ca97b3b7e4a909f5d01d57563c3a.tar.gz |
Ensure this only contains a partial name, not a path, before attempting to craft a full name and read the file. Fixes #5203.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/diag_confbak.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php
index bf6c3f2..dac115b 100644
--- a/usr/local/www/diag_confbak.php
+++ b/usr/local/www/diag_confbak.php
@@ -73,6 +73,7 @@ if (isset($_POST['backupcount'])) {
 }
 if($_GET['getcfg'] != "") {
+ $_GET['getcfg'] = basename($_GET['getcfg']);
 $file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml';
 $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml"); |