From a190305e1282bb6c8ea33625c67eead0ea3d8e54 Mon Sep 17 00:00:00 2001 From: vgilc Date: Wed, 10 Aug 2011 15:22:46 +0000 Subject: [PATCH] 2011-08-10 Vanessa Gil * unix/pandora_agent.php: Fixed error reading collections of the configuration file. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4707 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_agents/ChangeLog | 4 ++++ pandora_agents/unix/pandora_agent | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pandora_agents/ChangeLog b/pandora_agents/ChangeLog index cc896ccbbe..cc84a14157 100644 --- a/pandora_agents/ChangeLog +++ b/pandora_agents/ChangeLog @@ -1,3 +1,7 @@ +2011-08-10 Vanessa Gil + + * unix/pandora_agent.php: Fixed error reading collections of the configuration file. + 2011-08-09 Miguel de Dios * DEBIAN/control: fixed the name of package and update version number. diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent index 76fbf31c34..8713b98eed 100755 --- a/pandora_agents/unix/pandora_agent +++ b/pandora_agents/unix/pandora_agent @@ -420,6 +420,11 @@ sub parse_conf_modules($) { # Collection } elsif ($line =~ /^\s*file_collection\s+(.+)$/) { my $collection = $1; + + # Prevent path traversal attacks + if ($collection !~ m/(\.\.)|\//) { + $Collections{$collection} = 0; + } # Min critical } elsif ($line =~ /^\s*module_min_critical\s+(.*)\s*$/) { $module->{'min_critical'} = $1; @@ -516,7 +521,7 @@ sub read_config (;$) { # Remove trailing spaces $Conf{$1} =~ s/\s*$//; - } + } } # Module, plugin and collection definition
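Review bot: The new guard in the `file_collection` branch of parse_conf_modules is a deny-list that rejects only `..` and `/`, so a name that is a single `.`, or one carrying trailing whitespace, control characters or shell metacharacters (the capture is a greedy `(.+)$`), is still stored as a key in `%Collections`. An allow-list states the intent more tightly, for example `if ($collection =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ && $collection !~ /\.\./) {`, assuming collection names are meant to be plain identifiers. How the keys are later turned into paths or commands is not visible in this hunk, so the accepted character set should be confirmed against those call sites. Rejected names are also dropped silently; a log line in an `else` branch would let an operator see that a configuration file carried a suspicious collection name. The body of parse_conf_modules starts and ends outside the hunk.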