Révision c2865098
Ajouté par Renato Botelho il y a presque 10 ans
usr/local/www/pkg_edit.php | ||
---|---|---|
65 | 65 |
$xml = htmlspecialchars($_GET['xml']); |
66 | 66 |
if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); |
67 | 67 |
|
68 |
$xml = basename($xml);
|
|
68 |
$xml_fullpath = realpath('/usr/local/pkg/' . $xml);
|
|
69 | 69 |
|
70 |
if ($xml == "") { |
|
71 |
print_info_box_np(gettext("ERROR: No package defined.")); |
|
72 |
die; |
|
73 |
} else if (!file_exists('/usr/local/pkg/' . $xml)) { |
|
74 |
print_info_box_np(gettext("ERROR: XML file not found")); |
|
70 |
if ($xml == "" || $xml_fullpath === false || |
|
71 |
substr($xml_fullpath, 0, strlen('/usr/local/pkg/')) != '/usr/local/pkg/') { |
|
72 |
print_info_box_np(gettext("ERROR: No valid package defined.")); |
|
75 | 73 |
die; |
76 | 74 |
} else { |
77 |
$pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
|
|
75 |
$pkg = parse_xml_config_pkg($xml_fullpath, "packagegui");
|
|
78 | 76 |
} |
79 | 77 |
|
80 | 78 |
if($pkg['include_file'] <> "") { |
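Review bot: The guard on new lines 70–71 only establishes that the resolved path lies below /usr/local/pkg/, so a directory or any non-package file in that tree still reaches `parse_xml_config_pkg()`. Adding `|| !is_file($xml_fullpath)` to the condition would narrow it to regular files, as would a suffix check if package definitions always end in `.xml`. The prefix test would read more clearly, and avoid the loose `!=`, as `strpos($xml_fullpath, '/usr/local/pkg/') !== 0`. Separately, `$xml` is HTML-escaped on lines 65–66 before it is used as a filesystem path, so a name containing `&` or a quote can never resolve; escaping at the point of output would be cleaner, although code outside this hunk may rely on the value already being escaped. This is top-level script code that continues past the last line shown.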
We need to allow subdirectories under /usr/local/pkg, here is the proper fix