dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a security vulnerability for provisioning

This commit is contained in:
Mark Crane 2014-06-09 17:47:37 +00:00
parent 78288a156b
commit 3d86cbc7b7
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/provision/resources/classes/provision.php
View File

@ -139,6 +139,10 @@ include "root.php";
$mac = $this->mac;
$file = $this->file;
//remove ../ and slashes in the file name
$search = array('..', '/', '\\');
$file = str_replace($search, "", $file);
//get the domain_name
if (strlen($domain_name) == 0) {
$sql = "SELECT domain_name FROM v_domains ";