diff options
| author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-28 16:01:01 -0500 |
|---|---|---|
| committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-28 16:01:01 -0500 |
| commit | c613223747934c62488bb55fb72138bec353ff61 (patch) | |
| tree | 192f5a8d79578517c8b3ae212c326a37df858129 /config | |
| parent | 08a5e3a9d9ec1604302ee49fd1c6666897f2290b (diff) | |
| download | pfsense-packages-c613223747934c62488bb55fb72138bec353ff61.tar.gz pfsense-packages-c613223747934c62488bb55fb72138bec353ff61.tar.bz2 pfsense-packages-c613223747934c62488bb55fb72138bec353ff61.zip | |
Fix snort_rules_edit.php to address http://seclist.org/fulldisclosure/2014/Jan/187
Diffstat (limited to 'config')
| -rwxr-xr-x | config/snort/snort_rules_edit.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 28deccd5..61a9574a 100755 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -115,8 +115,12 @@ elseif (file_exists("{$snortdir}/rules/{$file}")) elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) $contents = file_get_contents("{$snortdir}/preproc_rules/{$file}"); // Is it a fully qualified path and file? -elseif (file_exists($file)) - $contents = file_get_contents($file); +elseif (file_exists($file)) { + if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR) + $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!"); + else + $contents = file_get_contents($file); +} // It is not something we can display, so exit. else $input_errors[] = gettext("Unable to open file: {$displayfile}"); |