Revision 44bcf766
Added by Jim Pingle almost 10 years ago
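--- a/src/usr/local/www/pkg.php
+++ b/src/usr/local/www/pkg.php
@@ -83,8 +83,14 @@
 include("foot.inc");
 exit;
 } else {
-if (file_exists("/usr/local/pkg/" . $xml)) {
-$pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
+$pkg_xml_prefix = "/usr/local/pkg/";
+$pkg_full_path = "{$pkg_xml_prefix}/{$xml}";
+if (substr_compare(realpath($pkg_full_path), $pkg_xml_prefix, 0, strlen($pkg_xml_prefix))) {
+print_info_box_np(gettext("ERROR: Invalid path specified."));
+die;
+}
+if (file_exists($pkg_full_path)) {
+$pkg = parse_xml_config_pkg($pkg_full_path, "packagegui");
 } else {
 include("head.inc");
 print_info_box_np(gettext("File not found ") . htmlspecialchars($xml));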
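Review bot: The containment check on the new line 88 feeds realpath()'s return value straight into substr_compare(), but realpath() returns false for a path that does not resolve, and that empty haystack presumably makes substr_compare() return false (with a warning on at least some PHP 5/7 releases) rather than a non-zero mismatch, so the guard falls through instead of rejecting. As far as the hunk shows this is harmless only because file_exists($pkg_full_path) fails on the next line for the same reason; a path-containment check should not depend on that ordering. Resolve first and compare with an explicit integer test: `$pkg_real_path = realpath($pkg_full_path);` then `if ($pkg_real_path === false || strncmp($pkg_real_path, $pkg_xml_prefix, strlen($pkg_xml_prefix)) !== 0) {`, which keeps the trailing slash in the prefix so a sibling directory such as /usr/local/pkgX/ is still rejected. The doubled slash in `"{$pkg_xml_prefix}/{$xml}"` is normalised by realpath() but survives in the string later handed to file_exists() and parse_xml_config_pkg(), so dropping the extra `/` keeps the checked path and the opened path in step. The enclosing else branch continues past the end of the hunk.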
Address a potential LFI in pkg.php and wizard.php without breaking the ability to pass relative paths. Restricts them to files under their intended base directories.