Revision 3ac02848
Added by Jim Pingle over 9 years ago
| usr/local/www/pkg.php | ||
|---|---|---|
| 56 | 56 |
print_info_box_np(gettext("ERROR: No package defined."));
|
| 57 | 57 |
exit; |
| 58 | 58 |
} else {
|
| 59 |
if(file_exists("/usr/local/pkg/" . $xml))
|
|
| 60 |
$pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
|
|
| 59 |
$pkg_xml_prefix = "/usr/local/pkg/"; |
|
| 60 |
$pkg_full_path = "{$pkg_xml_prefix}/{$xml}";
|
|
| 61 |
if (substr_compare(realpath($pkg_full_path), $pkg_xml_prefix, 0, strlen($pkg_xml_prefix))) {
|
|
| 62 |
print_info_box_np(gettext("ERROR: Invalid path specified."));
|
|
| 63 |
die; |
|
| 64 |
} |
|
| 65 |
|
|
| 66 |
if(file_exists($pkg_full_path)) |
|
| 67 |
$pkg = parse_xml_config_pkg($pkg_full_path, "packagegui"); |
|
| 61 | 68 |
else {
|
| 62 | 69 |
echo "File not found " . htmlspecialchars($xml); |
| 63 | 70 |
exit; |
| usr/local/www/wizard.php | ||
|---|---|---|
| 66 | 66 |
print_info_box_np(sprintf(gettext("ERROR: Could not open %s."), $xml));
|
| 67 | 67 |
die; |
| 68 | 68 |
} else {
|
| 69 |
if (file_exists("{$g['www_path']}/wizards/{$xml}"))
|
|
| 70 |
$pkg = parse_xml_config_pkg("{$g['www_path']}/wizards/" . $xml, "pfsensewizard");
|
|
| 69 |
$wizard_xml_prefix = "{$g['www_path']}/wizards";
|
|
| 70 |
$wizard_full_path = "{$wizard_xml_prefix}/{$xml}";
|
|
| 71 |
if (substr_compare(realpath($wizard_full_path), $wizard_xml_prefix, 0, strlen($wizard_xml_prefix))) {
|
|
| 72 |
print_info_box_np(gettext("ERROR: Invalid path specified."));
|
|
| 73 |
die; |
|
| 74 |
} |
|
| 75 |
|
|
| 76 |
if (file_exists($wizard_full_path)) |
|
| 77 |
$pkg = parse_xml_config_pkg($wizard_full_path, "pfsensewizard"); |
|
| 71 | 78 |
else {
|
| 72 | 79 |
print_info_box_np(sprintf(gettext("ERROR: Could not open %s."), $xml));
|
| 73 | 80 |
die; |
Also available in: Unified diff
Address a potential LFI in pkg.php and wizard.php without breaking the ability to pass relative paths
Restricts them to files under their intended base directories.