Révision 1cfe5490
Ajouté par Renato Botelho il y a presque 10 ans
usr/local/www/pkg_mgr_install.php | ||
---|---|---|
108 | 108 |
</tr> |
109 | 109 |
<?php if ((empty($_GET['mode']) && $_GET['id']) || (!empty($_GET['mode']) && (!empty($_GET['pkg']) || $_GET['mode'] == 'reinstallall') && ($_GET['mode'] != 'installedinfo' && $_GET['mode'] != 'showlog'))): |
110 | 110 |
if (empty($_GET['mode']) && $_GET['id']) { |
111 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401)); |
|
111 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401));
|
|
112 | 112 |
$pkgmode = 'installed'; |
113 | 113 |
} else if (!empty($_GET['mode']) && !empty($_GET['pkg'])) { |
114 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); |
|
115 |
$pkgmode = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401)); |
|
114 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
|
|
115 |
$pkgmode = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401));
|
|
116 | 116 |
} else if ($_GET['mode'] == 'reinstallall') { |
117 | 117 |
$pkgmode = 'reinstallall'; |
118 | 118 |
} |
... | ... | |
191 | 191 |
ob_flush(); |
192 | 192 |
|
193 | 193 |
if ($_GET) { |
194 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); |
|
194 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
|
|
195 | 195 |
switch($_GET['mode']) { |
196 | 196 |
case 'showlog': |
197 | 197 |
if (strpos($pkgname, ".")) { |
... | ... | |
213 | 213 |
break; |
214 | 214 |
} |
215 | 215 |
} else if ($_POST) { |
216 |
$pkgid = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401)); |
|
216 |
$pkgid = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401));
|
|
217 | 217 |
|
218 | 218 |
/* All other cases make changes, so mount rw fs */ |
219 | 219 |
conf_mount_rw(); |
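Review bot: New line 194 now strips `.` from `$pkgname`, so the `if (strpos($pkgname, "."))` test at line 197 in the `showlog` case can no longer be true; the body of that branch is outside the visible hunk, so it should be checked whether the logic it guarded is still needed. All five changed lines (111, 114, 115, 194, 216) also delete characters silently instead of refusing the request, so a name containing `.` or `/` becomes a different name rather than an error, and anything not on the list still passes. A fail-closed allowlist would be sturdier, e.g. `if (!preg_match('/^[A-Za-z0-9_+-]+$/', $pkgname)) { /* reject the request */ }`, with the character class adjusted to what package names may actually contain. For `$pkgmode`, comparing against the fixed set of known modes with `in_array($mode, $allowed, true)` would remove the need for character stripping. Since the same `str_replace(... htmlspecialchars_decode(...))` expression is repeated five times, moving it into one helper would keep the rule in a single place.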
Remove . and / from pkg name to avoid directory traversal