michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-06-04 12:20:23 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fix temp file delete path validation
Some checks failed
Tests / prove (push) Has been cancelled
Details
Build / build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Ilia Ross
2026-05-29 16:59:05 +02:00
parent 5a9d2a2ca5
commit 35a7459950
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpan/delete_file.cgi
View File

@@ -6,8 +6,8 @@ require './cpan-lib.pl';
&ReadParse();
$tmp_base = $gconfig{'tempdir'} || &default_webmin_temp_dir();
foreach $f (split(/\0/, $in{'file'})) {
$f =~ /^\Q$tmp_base\E\// || &error($text{'delete_efile'});
unlink($f);
&is_under_directory($tmp_base, $f) || &error($text{'delete_efile'});
unlink($f) if (!&is_readonly_mode());
}
&redirect("");

4
software/delete_file.cgi
View File

@@ -5,7 +5,7 @@
require './software-lib.pl';
&ReadParse();
my $tmp_base = $gconfig{'tempdir'} || &default_webmin_temp_dir();
$in{'file'} =~ /^\Q$tmp_base\E\// || &error($text{'delete_efile'});
unlink($in{'file'});
&is_under_directory($tmp_base, $in{'file'}) || &error($text{'delete_efile'});
unlink($in{'file'}) if (!&is_readonly_mode());
&redirect("");