mirror of
https://github.com/webmin/webmin.git
synced 2026-05-16 11:50:26 +01:00
04ae776e6a
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
* Note: Validate File Manager action name/file parameters as checked paths under the current directory and `allowed_paths` before operations, blocking traversal and symlink escapes.
38 lines
748 B
Perl
Executable File
38 lines
748 B
Perl
Executable File
#!/usr/local/bin/perl
|
|
|
|
require './filemin-lib.pl';
|
|
&ReadParse();
|
|
|
|
if (!$in{'name'}) {
|
|
&redirect("index.cgi?path=".&urlize($path));
|
|
}
|
|
|
|
get_paths();
|
|
my $file = $in{'file'};
|
|
my $name = $in{'name'};
|
|
my $from = &validate_filename_path($file);
|
|
my $to = &validate_filename_path($name);
|
|
if (-e $to) {
|
|
print_errors("$name $text{'error_exists'}");
|
|
}
|
|
else {
|
|
my $from_dir = $from;
|
|
my $to_dir = $to;
|
|
$from_dir =~ s/\/[^\/]*$//;
|
|
$to_dir =~ s/\/[^\/]*$//;
|
|
$from_dir ||= "/";
|
|
$to_dir ||= "/";
|
|
if (!can_move($from, $from_dir, $to_dir)) {
|
|
print_errors(
|
|
"$file - $text{'error_move'}");
|
|
}
|
|
elsif (&rename_file($from, $to)) {
|
|
&redirect("index.cgi?path=".
|
|
&urlize($path));
|
|
}
|
|
else {
|
|
print_errors(
|
|
"$text{'error_rename'} $file: $!");
|
|
}
|
|
}
|