authorbmeeks8 <bmeeks8@bellsouth.net>2014-01-28 16:01:01 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2014-01-28 16:01:01 -0500
commitc613223747934c62488bb55fb72138bec353ff61 (patch)
tree192f5a8d79578517c8b3ae212c326a37df858129 /config
parent08a5e3a9d9ec1604302ee49fd1c6666897f2290b (diff)
Fix snort_rules_edit.php to address http://seclist.org/fulldisclosure/2014/Jan/187
Diffstat (limited to 'config')
-rwxr-xr-xconfig/snort/snort_rules_edit.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 28deccd5..61a9574a 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -115,8 +115,12 @@ elseif (file_exists("{$snortdir}/rules/{$file}"))
elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
$contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
// Is it a fully qualified path and file?
-elseif (file_exists($file))
- $contents = file_get_contents($file);
+elseif (file_exists($file)) {
+ if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
+ $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
+ else
+ $contents = file_get_contents($file);
+}
// It is not something we can display, so exit.
else
$input_errors[] = gettext("Unable to open file: {$displayfile}");
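Review bot: The containment test in the new `elseif (file_exists($file))` arm is a bare string-prefix match, so a sibling path that merely starts with the same characters as SNORTLOGDIR (a constructed example: the log directory name with a suffix appended) would still pass. Comparing against the directory with a trailing separator and using a strict comparison closes that gap: `if (strpos(realpath($file), rtrim(SNORTLOGDIR, '/') . '/') !== 0)`. The two arms above it still join `$file` onto `{$snortdir}/rules/` and `{$snortdir}/preproc_rules/` without canonicalising, so a relative `../` sequence in `$file` is not constrained by this change; whether `$file` is filtered before this chain is not visible in the hunk, but the same `realpath()` containment check would be worth applying to those arms. The if/elseif chain starts above the hunk.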