#11780 Fix mibs upload

2025-07-31 01:35:36 +02:00 · 2023-08-28 10:45:42 +02:00 · 2023-08-28 10:45:42 +02:00 · e8613dc2f0
commit e8613dc2f0
parent 44467d1ce1
1 changed files with 23 additions and 11 deletions
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
@ -128,8 +128,19 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
            $extension = pathinfo($filename, PATHINFO_EXTENSION);
            $umask          = io_safe_output((string) get_parameter('umask'));
            $parse_all_queries = explode('&', parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY));
            $parse_sec2_query = explode('=', $parse_all_queries[1]);
            $check_extension = true;
            if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') {
                if ((strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')) {
                    $check_extension = false;
                } else {
                    $check_extension = true;
                }
            }
-            if (strpos($real_directory, $default_real_directory) !== 0 || (strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')) {
+            // (strtolower($extension) !== 'mib' && strtolower($extension) !== 'zip')
            if (strpos($real_directory, $default_real_directory) !== 0 || $check_extension === false) {
                // Perform security check to determine whether received upload
                // directory is part of the default path for caller uploader and
                // user is not trying to access an external path (avoid
@ -185,17 +196,18 @@ function upload_file($upload_file_or_zip, $default_real_directory, $destination_
            $filename = $_FILES['file']['name'];
            $filepath = $_FILES['file']['tmp_name'];
            $real_directory = filemanager_safe_directory($destination_directory);
            // Security control structure.
            $zip = new \ZipArchive;
            $secure = true;
-            if ($zip->open($filepath) === true) {
+            if ($parse_sec2_query[1] === 'operation/snmpconsole/snmp_mib_uploader') {
-                for ($i = 0; $i < $zip->numFiles; $i++) {
+                // Security control structure.
-                    $unzip_filename = $zip->getNameIndex($i);
+                $zip = new \ZipArchive;
-                    $extension = pathinfo($unzip_filename, PATHINFO_EXTENSION);
+                if ($zip->open($filepath) === true) {
-                    if (strtolower($extension) !== 'mib') {
+                    for ($i = 0; $i < $zip->numFiles; $i++) {
-                        $secure = false;
+                        $unzip_filename = $zip->getNameIndex($i);
-                        break;
+                        $extension = pathinfo($unzip_filename, PATHINFO_EXTENSION);
                        if (strtolower($extension) !== 'mib') {
                            $secure = false;
                            break;
                        }
                    }
                }
            }