From 107e8c390642f4c12bcf9ad6f8255f732cdbadcd Mon Sep 17 00:00:00 2001
From: javilanz <javi.lanz@gmail.com>
Date: Mon, 18 Apr 2011 15:00:43 +0000
Subject: [PATCH] 2011-04-18 Javier Lanz <javier.lanz@artica.es>

	* include/functions_filemanager.php: Fixed a problem with html entities
	* include/get_file.php: Added base64_decode for getting a get parameter

	Fixes: #3286063


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4237 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                         |  7 +++++++
 pandora_console/include/functions_filemanager.php | 11 +++++++----
 pandora_console/include/get_file.php              |  1 +
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 13aa296ac8..88bfd8477f 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,10 @@
+2011-04-18 Javier Lanz <javier.lanz@artica.es>
+
+	* include/functions_filemanager.php: Fixed a problem with html entities
+	* include/get_file.php: Added base64_decode for getting a get parameter
+
+	Fixes: #3286063
+
 2011-04-18 Miguel de Dios  <miguel.dedios@artica.es>
 
 	* include/functions_graph.php, include/graphs/functions_pchart.php,
diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php
index 4e46e637be..b20e8ee190 100644
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
@@ -193,12 +193,14 @@ if ($create_text_file) {
 		return;
 	}
 	
-	$filename = get_parameter('name_file');
+	$filename = safe_output(get_parameter('name_file'));
 	
 	if ($filename != "") {
 
 		$real_directory = (string) get_parameter('real_directory');
+		$real_directory = safe_output($real_directory);
 		$directory = (string) get_parameter ('directory');
+		$directory = safe_output($directory);
 		
 		$hash = get_parameter('hash', '');
 		$testHash = md5($real_directory . $directory . $config['dbpass']);
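Review bot: The integrity check on the context line `$testHash = md5($real_directory . $directory . $config['dbpass']);` joins the two values with no separator, so different (real_directory, directory) pairs that concatenate to the same string produce the same hash, and it keys plain MD5 with the database password. Since this commit changes what is fed into that hash, it is a good moment to move to a delimited keyed MAC such as `$testHash = hash_hmac('sha256', $real_directory . "\0" . $directory, $config['dbpass']);`, with the code that generates the hash changed to match and ideally a dedicated secret instead of the DB password. The same construction appears in the create_dir hunk (`md5($directory . $config['dbpass'])`) and the delete_file hunk (`md5($filename . $config['dbpass'])`). The comparison against `$hash` and the rest of the `if ($create_text_file)` block lie outside this hunk.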
@@ -227,7 +229,7 @@ if ($create_text_file) {
 	}
 }
 
-// Upload file
+// Upload zip
 if ($upload_zip) {
 	// Load global vars
 	global $config;
@@ -296,7 +298,7 @@ if ($create_dir) {
 	$config['filemanager']['message'] = null;
 	
 	$directory = (string) get_parameter ('directory', "/");
-	
+	$directory = safe_output($directory);
 	$hash = get_parameter('hash', '');
 	$testHash = md5($directory . $config['dbpass']);
 	
@@ -305,6 +307,7 @@ if ($create_dir) {
 	}
 	else {
 		$dirname = (string) get_parameter ('dirname');
+		$dirname = safe_output($dirname);
 		if ($dirname != '') {
 			@mkdir ($directory.'/'.$dirname);
 			$config['filemanager']['message'] = '<h4 class="suc">'.__('Created directory').'</h4>';
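Review bot: `$dirname` is not covered by the hash checked in this block (`md5($directory . $config['dbpass'])` covers only `$directory`), yet after `safe_output()` it is concatenated straight into `@mkdir ($directory.'/'.$dirname)`, so a value containing `/` or `..` is not confined to the authorised directory. Reject it unless it is a single path component, e.g. `if ($dirname !== basename($dirname) || $dirname === '.' || $dirname === '..') { /* set an error message and skip mkdir */ }`. `$filename` in the create_text_file hunk is likewise outside its hash and may need the same treatment, though its use is not visible there. Separately, the `@` hides an mkdir failure and the 'Created directory' message is set regardless of the return value. The else branch continues past the end of this hunk.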
@@ -327,7 +330,7 @@ if ($delete_file) {
 	$config['filemanager']['message'] = null;
 	
 	$filename = (string) get_parameter ('filename');
-	
+	$filename = safe_output($filename);
 	$hash = get_parameter('hash', '');
 	$testHash = md5($filename . $config['dbpass']);
 	
diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php
index 14cb22d82f..df08ccd32a 100644
--- a/pandora_console/include/get_file.php
+++ b/pandora_console/include/get_file.php
@@ -28,6 +28,7 @@ check_login ();
 $styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;";
 
 $file = get_parameter('file', null);
+$file = base64_decode($file);
 $chunks = explode('/', $file); 
 $nameFile = end($chunks);
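Review bot: `base64_decode($file)` runs in non-strict mode and its result is used unchecked, so malformed input is silently decoded to whatever bytes survive, and the `null` default is handed to a function that expects a string. Use strict mode and stop on failure, e.g. `$file = base64_decode((string) $file, true);` followed by `if ($file === false || $file === '') { /* show the existing error and exit */ }`. Base64 is an encoding, not a check: the decoded value is still request-controlled and can contain `../` segments, so whatever path validation follows (not visible in this hunk) has to run on the decoded string, not on the raw parameter.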