Autres
/
RaspAP
mirror of https://github.com/billz/raspap-webgui.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Don't allow to read ini file everywhere on filesystem. 

Signed-off-by: D9ping <D9ping@users.noreply.github.com>
pull/220/head
D9ping 4 years ago
parent
fb7ba20055
commit
182a6509e9
1 changed files with 1 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      ajax/networking/get_int_config.php

3
ajax/networking/get_int_config.php
View File

@ -5,8 +5,7 @@ include_once('../../includes/functions.php');
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
$int = $_POST['interface'];
// FIXME slashes and other forbidden filename characters not stripped. [security]
$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) {
touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini');
}

Write Preview
Loading…
Cancel
Save