From 3306a341fbde5d83258af9ad9031293cd33762d4 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 10 Dec 2007 21:52:59 +0000
Subject: Limit captive portal uploads to /tmp/captiveportal which has no
 access to write files.

---
 etc/inc/system.inc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 64e4a60..74887ca 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -748,11 +748,15 @@ function system_generate_lighty_config($filename,
 			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
 		else
 			$captive_portal_mod_evasive = "";
+		$server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n";
+		exec("mkdir -p /tmp/captiveportal");
+		exec("chmod a-w /tmp/captiveportal");
 	} else {
 		$captive_portal_module = "";
 		$captive_portal_mod_evasive = "";
+		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"/tmp/\", \"/var/\" )\n";
 	}
-
+	
 	if($port <> "")
 		$lighty_port = $port;
 	else
@@ -964,7 +968,7 @@ debug.log-file-not-found   = "disable"
 
 #server.network-backend = "writev"
 
-server.upload-dirs = ( "{$g['upload_path']}/", "/tmp/", "/var/" )
+{$server_upload_dirs}
 
 server.max-request-size = 2097152
 
-- 
cgit v1.1