Révision c2865098
Ajouté par Renato Botelho il y a presque 10 ans
| usr/local/www/pkg_edit.php | ||
|---|---|---|
| 65 | 65 |
$xml = htmlspecialchars($_GET['xml']); |
| 66 | 66 |
if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); |
| 67 | 67 |
|
| 68 |
$xml = basename($xml);
|
|
| 68 |
$xml_fullpath = realpath('/usr/local/pkg/' . $xml);
|
|
| 69 | 69 |
|
| 70 |
if ($xml == "") {
|
|
| 71 |
print_info_box_np(gettext("ERROR: No package defined."));
|
|
| 72 |
die; |
|
| 73 |
} else if (!file_exists('/usr/local/pkg/' . $xml)) {
|
|
| 74 |
print_info_box_np(gettext("ERROR: XML file not found"));
|
|
| 70 |
if ($xml == "" || $xml_fullpath === false || |
|
| 71 |
substr($xml_fullpath, 0, strlen('/usr/local/pkg/')) != '/usr/local/pkg/') {
|
|
| 72 |
print_info_box_np(gettext("ERROR: No valid package defined."));
|
|
| 75 | 73 |
die; |
| 76 | 74 |
} else {
|
| 77 |
$pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
|
|
| 75 |
$pkg = parse_xml_config_pkg($xml_fullpath, "packagegui");
|
|
| 78 | 76 |
} |
| 79 | 77 |
|
| 80 | 78 |
if($pkg['include_file'] <> "") {
|
Formats disponibles : Unified diff
We need to allow subdirectories under /usr/local/pkg, here is the proper fix