Merge branch 'ent-12751-path-traversal-and-untrusted-upload-file' into 'develop'

Ent 12751 Path Traversal and Untrusted Upload File

See merge request artica/pandorafms!6905
Rafael Ameijeiras 2024-02-06 07:59:50 +00:00
commit 542d1c2b51
1 changed files with 8 additions and 3 deletions


@ -215,7 +215,7 @@ if ($create != '') {
// =====================================================================
if ($filemanager) {
if ($edit_file) {
$location_file = get_parameter('location_file', '');
$location_file = io_safe_output(get_parameter('location_file', ''));
$filename = array_pop(explode('/', $location_file));
$file = file_get_contents($location_file);
echo '<h4>'.__('Edit file').' '.$filename.'</h4>';
@ -250,7 +250,7 @@ if ($filemanager) {
echo '</form>';
} else {
if ($update_file) {
$location_file = get_parameter('location_file', '');
$location_file = io_safe_output(get_parameter('location_file', ''));
$contentFile = io_safe_output(get_parameter('content_file', ''));
$compatibility = get_parameter('compatibility', 'unix');
$is_win_compatible = strpos($contentFile, "\r\n");
@ -262,7 +262,12 @@ if ($filemanager) {
$contentFile = str_replace("\n", "\r\n", $contentFile);
}
$result = file_put_contents($location_file, $contentFile);
if (empty($location_file) === false
&& strpos($location_file, realpath('attachment/plugin')) !== false
&& file_exists($location_file) === true
) {
$result = file_put_contents($location_file, $contentFile);
}
}
$id_plugin = (int) get_parameter('id_plugin', 0);
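Review bot: The new guard around `file_put_contents` in the `$update_file` branch does not confine the write to `attachment/plugin`, because `strpos(...) !== false` only checks that the resolved directory string occurs somewhere in the raw, un-canonicalised `$location_file`. A value that contains that string followed by `..` segments still passes, and `file_exists` does not narrow it. If `realpath('attachment/plugin')` returns `false` (missing directory or a different working directory), the needle presumably becomes an empty string, which PHP 8 matches at offset 0, so every path would pass. I would resolve both paths with `realpath()` and require the resolved file to begin with the resolved directory plus a separator, as sketched below. The `$edit_file` branch in the first hunk still hands `$location_file` to `file_get_contents` with no containment check and echoes `$filename` into the heading unescaped, so it needs the same check plus output escaping. The enclosing `if ($filemanager)` block continues outside the visible lines.

```php
// … unchanged: line-ending conversion of $contentFile …
$plugin_dir = realpath('attachment/plugin');
$real_file = realpath($location_file);
if ($plugin_dir !== false
    && $real_file !== false
    && strpos($real_file, $plugin_dir.DIRECTORY_SEPARATOR) === 0
) {
    $result = file_put_contents($real_file, $contentFile);
}
```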