Révision 9ddd3418
Ajouté par Renato Botelho il y a presque 10 ans
| usr/local/www/pkg_edit.php | ||
|---|---|---|
| 65 | 65 |
$xml = htmlspecialchars($_GET['xml']); |
| 66 | 66 |
if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); |
| 67 | 67 |
|
| 68 |
if($xml == "") {
|
|
| 68 |
$xml = basename($xml); |
|
| 69 |
|
|
| 70 |
if ($xml == "") {
|
|
| 69 | 71 |
print_info_box_np(gettext("ERROR: No package defined."));
|
| 70 | 72 |
die; |
| 73 |
} else if (!file_exists('/usr/local/pkg/' . $xml)) {
|
|
| 74 |
print_info_box_np(gettext("ERROR: XML file not found"));
|
|
| 75 |
die; |
|
| 71 | 76 |
} else {
|
| 72 | 77 |
$pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
|
| 73 | 78 |
} |
Formats disponibles : Unified diff
Avoid directory traversal when reading package xml files, also check if file exists before try to read it