Revision 9ddd3418
Added by Renato Botelho almost 10 years ago
usr/local/www/pkg_edit.php | ||
---|---|---|
65 | 65 |
$xml = htmlspecialchars($_GET['xml']); |
66 | 66 |
if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); |
67 | 67 |
|
68 |
if($xml == "") { |
|
68 |
$xml = basename($xml); |
|
69 |
|
|
70 |
if ($xml == "") { |
|
69 | 71 |
print_info_box_np(gettext("ERROR: No package defined.")); |
70 | 72 |
die; |
73 |
} else if (!file_exists('/usr/local/pkg/' . $xml)) { |
|
74 |
print_info_box_np(gettext("ERROR: XML file not found")); |
|
75 |
die; |
|
71 | 76 |
} else { |
72 | 77 |
$pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui"); |
73 | 78 |
} |
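Review bot: The new `file_exists('/usr/local/pkg/' . $xml)` test at new line 73 also returns true for directories, and `basename()` leaves `.` and `..` unchanged, so a value of `..` passes both the empty-string test and the existence test and is handed to `parse_xml_config_pkg()` as a directory path. Using `is_file()` instead, and additionally requiring the name to end in `.xml` or to match a known package file, would restrict the parser to the package definitions it is meant to read. Separately, `htmlspecialchars()` is applied to the request value at lines 65-66 before `basename()` runs; it is an output-encoding function, so the name checked on disk can differ from the name that was submitted. Applying `basename()` to the raw value for the file lookup and encoding only where `$xml` is echoed back would keep path validation and output escaping separate.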
Avoid directory traversal when reading package xml files, also check if file exists before trying to read it