From 107e8c390642f4c12bcf9ad6f8255f732cdbadcd Mon Sep 17 00:00:00 2001 From: javilanz Date: Mon, 18 Apr 2011 15:00:43 +0000 Subject: [PATCH] 2011-04-18 Javier Lanz * include/functions_filemanager.php: Fixed a problem with html entities * include/get_file.php: Added base64_decode for getting a get parameter Fixes: #3286063 git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4237 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 7 +++++++ pandora_console/include/functions_filemanager.php | 11 +++++++---- pandora_console/include/get_file.php | 1 + 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 13aa296ac8..88bfd8477f 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2011-04-18 Javier Lanz + + * include/functions_filemanager.php: Fixed a problem with html entities + * include/get_file.php: Added base64_decode for getting a get parameter + + Fixes: #3286063 + 2011-04-18 Miguel de Dios * include/functions_graph.php, include/graphs/functions_pchart.php, diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index 4e46e637be..b20e8ee190 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -193,12 +193,14 @@ if ($create_text_file) { return; } - $filename = get_parameter('name_file'); + $filename = safe_output(get_parameter('name_file')); if ($filename != "") { $real_directory = (string) get_parameter('real_directory'); + $real_directory = safe_output($real_directory); $directory = (string) get_parameter ('directory'); + $directory = safe_output($directory); $hash = get_parameter('hash', ''); $testHash = md5($real_directory . $directory . $config['dbpass']); @@ -227,7 +229,7 @@ if ($create_text_file) { } } -// Upload file +// Upload zip if ($upload_zip) { // Load global vars global $config; 
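Review bot: In the create_text_file hunk the request token is still `md5($real_directory . $directory . $config['dbpass'])`, and it is now computed over the entity-decoded values added here, so whatever generates the hash must hash that same decoded form or legitimate requests will fail. A bare MD5 of value-then-secret is a weak MAC, and it derives a request-visible value from the database password. Consider `hash_hmac('sha256', $real_directory . $directory, $secret)` with a dedicated secret (`$secret` is a placeholder), compared with `hash_equals($testHash, $hash)`. The comparison itself is outside the hunk, so confirm how it is done. The same applies to the `$directory` hash in the create_dir hunk and the `$filename` hash in the delete_file hunk.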
@@ -296,7 +298,7 @@ if ($create_dir) { $config['filemanager']['message'] = null; $directory = (string) get_parameter ('directory', "/"); - + $directory = safe_output($directory); $hash = get_parameter('hash', ''); $testHash = md5($directory . $config['dbpass']); @@ -305,6 +307,7 @@ if ($create_dir) { } else { $dirname = (string) get_parameter ('dirname'); + $dirname = safe_output($dirname); if ($dirname != '') { @mkdir ($directory.'/'.$dirname); $config['filemanager']['message'] = '

'.__('Created directory').'

'; @@ -327,7 +330,7 @@ if ($delete_file) { $config['filemanager']['message'] = null; $filename = (string) get_parameter ('filename'); - + $filename = safe_output($filename); $hash = get_parameter('hash', ''); $testHash = md5($filename . $config['dbpass']); diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php index 14cb22d82f..df08ccd32a 100644 --- a/pandora_console/include/get_file.php +++ b/pandora_console/include/get_file.php @@ -28,6 +28,7 @@ check_login (); $styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;"; $file = get_parameter('file', null); +$file = base64_decode($file); $chunks = explode('/', $file); $nameFile = end($chunks);
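Review bot: In the second create_dir hunk, `$dirname` is decoded and then concatenated straight into `@mkdir ($directory.'/'.$dirname)`, but the hash computed in the preceding hunk covers only `$directory`, so the name itself is never validated. After decoding, reject names that contain a path separator or are dot entries, e.g. `if ($dirname !== basename($dirname) || $dirname === '.' || $dirname === '..')`, and drop the `@` so a failed mkdir is not reported as 'Created directory'. The `$filename` decoded in the create_text_file hunk is likewise outside its hash, which covers `$real_directory` and `$directory`. Its use is not visible in that hunk, so check it the same way. The enclosing `if ($create_dir)` block starts and ends outside the hunk.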
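Review bot: In get_file.php, `base64_decode($file)` runs in non-strict mode on a parameter that defaults to null, so malformed input is silently decoded to arbitrary bytes instead of being rejected; use `$file = base64_decode((string) $file, true);` and stop with the error output when it returns `false`. Base64 is an encoding, not a check: the decoded path no longer carries whatever escaping `get_parameter` applies, so before the file is opened it should be resolved with `realpath()` and confirmed to sit under the directory the console is meant to serve. How `$file` is used after `end($chunks)` is outside this hunk, so verify whether such a containment check already exists.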