Révision 7145cd87
Ajouté par Renato Botelho il y a presque 10 ans
usr/local/www/pkg_mgr_install.php | ||
---|---|---|
105 | 105 |
</tr> |
106 | 106 |
<?php if ((empty($_GET['mode']) && $_GET['id']) || (!empty($_GET['mode']) && (!empty($_GET['pkg']) || $_GET['mode'] == 'reinstallall') && ($_GET['mode'] != 'installedinfo' && $_GET['mode'] != 'showlog'))): |
107 | 107 |
if (empty($_GET['mode']) && $_GET['id']) { |
108 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401)); |
|
108 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401));
|
|
109 | 109 |
$pkgmode = 'installed'; |
110 | 110 |
} else if (!empty($_GET['mode']) && !empty($_GET['pkg'])) { |
111 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); |
|
112 |
$pkgmode = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401)); |
|
111 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
|
|
112 |
$pkgmode = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401));
|
|
113 | 113 |
} else if ($_GET['mode'] == 'reinstallall') { |
114 | 114 |
$pkgmode = 'reinstallall'; |
115 | 115 |
} |
... | ... | |
188 | 188 |
ob_flush(); |
189 | 189 |
|
190 | 190 |
if ($_GET) { |
191 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); |
|
191 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
|
|
192 | 192 |
switch($_GET['mode']) { |
193 | 193 |
case 'showlog': |
194 | 194 |
if (strpos($pkgname, ".")) { |
... | ... | |
210 | 210 |
break; |
211 | 211 |
} |
212 | 212 |
} else if ($_POST) { |
213 |
$pkgid = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401)); |
|
213 |
$pkgid = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401));
|
|
214 | 214 |
|
215 | 215 |
/* All other cases make changes, so mount rw fs */ |
216 | 216 |
conf_mount_rw(); |
Formats disponibles : Unified diff
Remove . and / from pkg name to avoid directory traversal