nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 00:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix a security vulnerability for provisioning

Browse Source
This commit is contained in:
Mark Crane
2014-06-09 17:47:37 +00:00
parent 78288a156b
commit 3d86cbc7b7
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/provision/resources/classes/provision.php
View File

@@ -139,6 +139,10 @@ include "root.php";
$mac = $this->mac;
$file = $this->file;
//remove ../ and slashes in the file name
$search = array('..', '/', '\\');
$file = str_replace($search, "", $file);
//get the domain_name
if (strlen($domain_name) == 0) {
$sql = "SELECT domain_name FROM v_domains ";