From 635ee4eb05b2ca97b3b7e4a909f5d01d57563c3a Mon Sep 17 00:00:00 2001
From: jim-p
Date: Mon, 28 Sep 2015 13:46:58 -0400
Subject: Ensure this only contains a partial name, not a path, before attempting to craft a full name and read the file. Fixes #5203.

---
 usr/local/www/diag_confbak.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'usr')

diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php
index bf6c3f2..dac115b 100644
--- a/usr/local/www/diag_confbak.php
+++ b/usr/local/www/diag_confbak.php
@@ -73,6 +73,7 @@ if (isset($_POST['backupcount'])) {
 }
 if($_GET['getcfg'] != "") {
+	$_GET['getcfg'] = basename($_GET['getcfg']);
 	$file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml';
 	$exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml");
-- 
cgit v1.1