tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

#12751 fixed path with spaces and vul

This commit is contained in:
Daniel Cebrian 2024-02-02 14:04:37 +01:00
parent 9b57534f2a
commit da1c74e9db
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/godmode/servers/plugin.php
View File

@ -215,7 +215,7 @@ if ($create != '') {
// =====================================================================
if ($filemanager) {
if ($edit_file) {
$location_file = get_parameter('location_file', '');
$location_file = io_safe_output(get_parameter('location_file', ''));
$filename = array_pop(explode('/', $location_file));
$file = file_get_contents($location_file);
echo '<h4>'.__('Edit file').' '.$filename.'</h4>';
@ -250,7 +250,7 @@ if ($filemanager) {
echo '</form>';
} else {
if ($update_file) {
$location_file = get_parameter('location_file', '');
$location_file = io_safe_output(get_parameter('location_file', ''));
$contentFile = io_safe_output(get_parameter('content_file', ''));
$compatibility = get_parameter('compatibility', 'unix');
$is_win_compatible = strpos($contentFile, "\r\n");
@ -262,7 +262,10 @@ if ($filemanager) {
$contentFile = str_replace("\n", "\r\n", $contentFile);
}
if (empty($location_file) === false && file_exists($location_file) === true) {
if (empty($location_file) === false
&& strpos($location_file, realpath('attachment/plugin')) !== false
&& file_exists($location_file) === true
) {
$result = file_put_contents($location_file, $contentFile);
}
}