tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 00:34:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-8924-XSS-en-File-Manager' into 'develop'

Browse Source 
Ent 8924 xss en file manager

See merge request artica/pandorafms!4855
This commit is contained in:
Daniel Rodriguez 2022-05-12 07:45:41 +00:00
commit f30c400e1b
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/godmode/setup/file_manager.php
View File

@ -63,7 +63,7 @@ if (empty($directory) === true) {
$real_directory = realpath($config['homedir'].'/'.$directory); $real_directory = realpath($config['homedir'].'/'.$directory);
echo '<h4>'.__('Index of %s', $directory).'</h4>'; echo '<h4>'.__('Index of %s', io_safe_input($directory)).'</h4>';
$upload_file = (bool) get_parameter('upload_file'); $upload_file = (bool) get_parameter('upload_file');
$create_text_file = (bool) get_parameter('create_text_file'); $create_text_file = (bool) get_parameter('create_text_file');

6
pandora_console/include/functions_filemanager.php
View File

@ -670,16 +670,16 @@ function filemanager_file_explorer(
} }
if ($fileinfo['is_dir']) { if ($fileinfo['is_dir']) {
$data[1] = '<a href="'.$url.'&directory='.$relative_directory.'/'.$fileinfo['name'].'&hash2='.md5($relative_directory.'/'.$fileinfo['name'].$config['server_unique_identifier']).'">'.$fileinfo['name'].'</a>'; $data[1] = '<a href="'.$url.'&directory='.$relative_directory.'/'.io_safe_input($fileinfo['name']).'&hash2='.md5($relative_directory.'/'.$fileinfo['name'].$config['server_unique_identifier']).'">'.io_safe_input($fileinfo['name']).'</a>';
} else if (empty($url_file) === false) { } else if (empty($url_file) === false) {
// Set the custom url file. // Set the custom url file.
$url_file_clean = str_replace('[FILE_FULLPATH]', $fileinfo['realpath'], $url_file); $url_file_clean = str_replace('[FILE_FULLPATH]', $fileinfo['realpath'], $url_file);
$data[1] = '<a href="'.$url_file_clean.'">'.$fileinfo['name'].'</a>'; $data[1] = '<a href="'.$url_file_clean.'">'.io_safe_input($fileinfo['name']).'</a>';
} else { } else {
$filename = base64_encode($relative_directory.'/'.$fileinfo['name']); $filename = base64_encode($relative_directory.'/'.$fileinfo['name']);
$hash = md5($filename.$config['server_unique_identifier']); $hash = md5($filename.$config['server_unique_identifier']);
$data[1] = '<a href="'.$hack_metaconsole.'include/get_file.php?file='.urlencode($filename).'&hash='.$hash.'">'.$fileinfo['name'].'</a>'; $data[1] = '<a href="'.$hack_metaconsole.'include/get_file.php?file='.urlencode($filename).'&hash='.$hash.'">'.io_safe_input($fileinfo['name']).'</a>';
} }
// Notice that uploaded php files could be dangerous. // Notice that uploaded php files could be dangerous.