From da1c74e9dbfa6da94aa144777a19af8ba3c90e70 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian <daniel.cebrian@pandorafms.com>
Date: Fri, 2 Feb 2024 14:04:37 +0100
Subject: [PATCH] #12751 fixed path with spaces and vul

---
 pandora_console/godmode/servers/plugin.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pandora_console/godmode/servers/plugin.php b/pandora_console/godmode/servers/plugin.php
index d8bc3b47b9..991ed52855 100644
--- a/pandora_console/godmode/servers/plugin.php
+++ b/pandora_console/godmode/servers/plugin.php
@@ -215,7 +215,7 @@ if ($create != '') {
 // =====================================================================
 if ($filemanager) {
     if ($edit_file) {
-        $location_file = get_parameter('location_file', '');
+        $location_file = io_safe_output(get_parameter('location_file', ''));
         $filename = array_pop(explode('/', $location_file));
         $file = file_get_contents($location_file);
         echo '<h4>'.__('Edit file').' '.$filename.'</h4>';
@@ -250,7 +250,7 @@ if ($filemanager) {
         echo '</form>';
     } else {
         if ($update_file) {
-            $location_file = get_parameter('location_file', '');
+            $location_file = io_safe_output(get_parameter('location_file', ''));
             $contentFile = io_safe_output(get_parameter('content_file', ''));
             $compatibility = get_parameter('compatibility', 'unix');
             $is_win_compatible = strpos($contentFile, "\r\n");
@@ -262,7 +262,10 @@ if ($filemanager) {
                 $contentFile = str_replace("\n", "\r\n", $contentFile);
             }
 
-            if (empty($location_file) === false && file_exists($location_file) === true) {
+            if (empty($location_file) === false
+                && strpos($location_file, realpath('attachment/plugin')) !== false
+                && file_exists($location_file) === true
+            ) {
                 $result = file_put_contents($location_file, $contentFile);
             }
         }