Révision 62480a44
Ajouté par Renato Botelho il y a presque 10 ans
usr/local/www/system_firmware_restorefullbackup.php | ||
---|---|---|
59 | 59 |
mwexec_bg("/etc/rc.create_full_backup"); |
60 | 60 |
|
61 | 61 |
if($_GET['downloadbackup']) { |
62 |
$filename = $_GET['downloadbackup'];
|
|
62 |
$filename = basename($_GET['downloadbackup']);
|
|
63 | 63 |
$path = "/root/{$filename}"; |
64 |
if(file_exists("/root/{$filename}")) {
|
|
64 |
if(file_exists($path)) {
|
|
65 | 65 |
session_write_close(); |
66 | 66 |
ob_end_clean(); |
67 | 67 |
session_cache_limiter('public'); |
Formats disponibles : Unified diff
Avoid directory traversal on restorefullbackup