From 35a7459950e615394fb8a450ca112f6741125adc Mon Sep 17 00:00:00 2001
From: Ilia Ross
Date: Fri, 29 May 2026 16:59:05 +0200
Subject: [PATCH] Fix temp file delete path validation
---
 cpan/delete_file.cgi | 4 ++--
 software/delete_file.cgi | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/cpan/delete_file.cgi b/cpan/delete_file.cgi
index a427b48ef..9f8574c8a 100755
--- a/cpan/delete_file.cgi
+++ b/cpan/delete_file.cgi
@@ -6,8 +6,8 @@ require './cpan-lib.pl';
 &ReadParse();
 $tmp_base = $gconfig{'tempdir'} || &default_webmin_temp_dir();
 foreach $f (split(/\0/, $in{'file'})) {
- $f =~ /^\Q$tmp_base\E\// || &error($text{'delete_efile'});
- unlink($f);
+ &is_under_directory($tmp_base, $f) || &error($text{'delete_efile'});
+ unlink($f) if (!&is_readonly_mode());
 }
 &redirect("");
diff --git a/software/delete_file.cgi b/software/delete_file.cgi
index ce5ad101a..c00def297 100755
--- a/software/delete_file.cgi
+++ b/software/delete_file.cgi
@@ -5,7 +5,7 @@ require './software-lib.pl';
 &ReadParse();
 my $tmp_base = $gconfig{'tempdir'} || &default_webmin_temp_dir();
-$in{'file'} =~ /^\Q$tmp_base\E\// || &error($text{'delete_efile'});
-unlink($in{'file'});
+&is_under_directory($tmp_base, $in{'file'}) || &error($text{'delete_efile'});
+unlink($in{'file'}) if (!&is_readonly_mode());
 &redirect("");
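Review bot: In the cpan/delete_file.cgi loop each entry is checked and unlinked in the same pass, so a request whose later `file` value fails `is_under_directory` has already had its earlier entries removed by the time `&error` is reached. Validating the whole list before deleting anything keeps the request all-or-nothing: `my @files = split(/\0/, $in{'file'});`, then `&is_under_directory($tmp_base, $_) || &error($text{'delete_efile'}) foreach @files;`, then `unlink(@files) if (!&is_readonly_mode());`. The return value of `unlink` is also discarded, so a failed delete looks the same as a successful one once the redirect is sent. The script begins above the hunk, so any checks made before `&ReadParse()` are not visible here.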
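Review bot: software/delete_file.cgi hands `$in{'file'}` to the check and to `unlink` unsplit, while the cpan script splits the same parameter on `\0`, which suggests a repeated `file` parameter arrives here as a single NUL-joined string. Whether `is_under_directory` rejects a path with an embedded NUL is not visible in this diff, and how `unlink` treats one depends on the Perl version, so the string that is validated and the path that is removed are not guaranteed to be the same thing. Rejecting such a value before the helper is called closes that gap: `(defined($in{'file'}) && $in{'file'} !~ /\0/) || &error($text{'delete_efile'});` placed ahead of the `is_under_directory` line, which also covers a request with no `file` parameter at all.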