From f0394a034017cb78adb3e0136cc08030f49ed71a Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 31 Aug 2009 15:18:19 -0400 Subject: Add function that extracts etc/platform from an upgrade file and compares to the file on disk. This replaces the dumb filename platform check. --- usr/local/www/system_firmware.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'usr/local/www') diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php index 948c97d..373d7ea 100755 --- a/usr/local/www/system_firmware.php +++ b/usr/local/www/system_firmware.php @@ -39,6 +39,7 @@ ##|-PRIV $d_isfwfile = 1; +require_once("globals.inc"); require_once("guiconfig.inc"); $curcfg = $config['system']['firmware']; @@ -49,6 +50,19 @@ require_once("xmlrpc_client.inc"); ini_set('max_execution_time', '9999'); ini_set('max_input_time', '9999'); +function file_is_for_platform($filename) { + global $g; + exec("tar xzf $fiename -C /tmp/ etc/platform"); + if(!file_exists("/tmp/etc/platform")) + return false; + $upgrade_is_for_platform = trim(file_get_contents("/tmp/etc/platform")); + if($g['platform'] == $upgrade_is_for_platform) { + unlink_file("/tmp/etc/platform"); + return true; + } + return false; +} + function file_upload_error_message($error_code) { switch ($error_code) { case UPLOAD_ERR_INI_SIZE: @@ -120,7 +134,7 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) { $errortext = "(" . file_upload_error_message($_FILES['ulfile']['error']) . ")"; if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) { /* verify firmware image(s) */ - if (!stristr($_FILES['ulfile']['name'], $g['platform']) && !$_POST['sig_override']) + if (!file_is_for_platform($_FILES['ulfile']['tmp_name']) && !$_POST['sig_override']) $input_errors[] = "The uploaded image file is not for this platform ({$g['platform']})."; else if (!file_exists($_FILES['ulfile']['tmp_name'])) { /* probably out of memory for the MFS */ -- cgit v1.1