diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 13aa296ac8..88bfd8477f 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2011-04-18 Javier Lanz + + * include/functions_filemanager.php: Fixed a problem with html entities + * include/get_file.php: Added base64_decode for getting a get parameter + + Fixes: #3286063 + 2011-04-18 Miguel de Dios * include/functions_graph.php, include/graphs/functions_pchart.php, diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php index 4e46e637be..b20e8ee190 100644 --- a/pandora_console/include/functions_filemanager.php +++ b/pandora_console/include/functions_filemanager.php @@ -193,12 +193,14 @@ if ($create_text_file) { return; } - $filename = get_parameter('name_file'); + $filename = safe_output(get_parameter('name_file')); if ($filename != "") { $real_directory = (string) get_parameter('real_directory'); + $real_directory = safe_output($real_directory); $directory = (string) get_parameter ('directory'); + $directory = safe_output($directory); $hash = get_parameter('hash', ''); $testHash = md5($real_directory . $directory . $config['dbpass']); @@ -227,7 +229,7 @@ if ($create_text_file) { } } -// Upload file +// Upload zip if ($upload_zip) { // Load global vars global $config; @@ -296,7 +298,7 @@ if ($create_dir) { $config['filemanager']['message'] = null; $directory = (string) get_parameter ('directory', "/"); - + $directory = safe_output($directory); $hash = get_parameter('hash', ''); $testHash = md5($directory . $config['dbpass']); @@ -305,6 +307,7 @@ if ($create_dir) { } else { $dirname = (string) get_parameter ('dirname'); + $dirname = safe_output($dirname); if ($dirname != '') { @mkdir ($directory.'/'.$dirname); $config['filemanager']['message'] = '

'.__('Created directory').'

'; @@ -327,7 +330,7 @@ if ($delete_file) { $config['filemanager']['message'] = null; $filename = (string) get_parameter ('filename'); - + $filename = safe_output($filename); $hash = get_parameter('hash', ''); $testHash = md5($filename . $config['dbpass']); diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php index 14cb22d82f..df08ccd32a 100644 --- a/pandora_console/include/get_file.php +++ b/pandora_console/include/get_file.php @@ -28,6 +28,7 @@ check_login (); $styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;"; $file = get_parameter('file', null); +$file = base64_decode($file); $chunks = explode('/', $file); $nameFile = end($chunks);