From 0d2f8f00a6a442f5672e5fe8f62a1f4d21da6a9b Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 27 Aug 2014 13:38:41 -0400
Subject: Improve security handling provided filename values.

---
 config/suricata/suricata_sid_mgmt.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'config/suricata/suricata_sid_mgmt.php')

diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php
index 07a09178..c69a9fcd 100644
--- a/config/suricata/suricata_sid_mgmt.php
+++ b/config/suricata/suricata_sid_mgmt.php
@@ -96,7 +96,7 @@ function suricata_is_sidmodslist_active($sidlist) {
 if (isset($_POST['upload'])) {
 if ($_FILES["sidmods_fileup"]["error"] == UPLOAD_ERR_OK) {
 $tmp_name = $_FILES["sidmods_fileup"]["tmp_name"];
-$name = $_FILES["sidmods_fileup"]["name"];
+$name = basename($_FILES["sidmods_fileup"]["name"]);
 move_uploaded_file($tmp_name, "{$sidmods_path}{$name}");
 }
 else
@@ -104,8 +104,8 @@ if (isset($_POST['upload'])) {
 }
 
 if (isset($_POST['sidlist_delete']) && isset($_POST['sidlist_fname'])) {
-if (!suricata_is_sidmodslist_active($_POST['sidlist_fname']))
-unlink_if_exists("{$sidmods_path}{$_POST['sidlist_fname']}");
+if (!suricata_is_sidmodslist_active(basename($_POST['sidlist_fname'])))
+unlink_if_exists($sidmods_path . basename($_POST['sidlist_fname']));
 else
 $input_errors[] = gettext("This SID Mods List is currently assigned to an interface and cannot be deleted.");
 }
-- 
cgit v1.2.3
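Review bot: `basename()` on the uploaded name in the first hunk strips directory components but can still yield an empty string or a dot-only name (`basename('')`, `basename('.')`, `basename('..')`), so `$name` should be rejected before `move_uploaded_file()` writes to `"{$sidmods_path}{$name}"`, e.g. `if ($name === '' || $name === '.' || $name === '..') { $input_errors[] = gettext("Invalid filename."); }` ahead of the move. The same gap exists in the delete hunk, where `basename($_POST['sidlist_fname'])` is computed twice; assign it once (`$fname = basename($_POST['sidlist_fname']);`), apply the same guard, and pass `$fname` to both `suricata_is_sidmodslist_active()` and `unlink_if_exists()`. `basename()` is also locale-dependent and may drop leading bytes of multibyte names under a non-UTF-8 locale, so a character whitelist such as `preg_match('/^[A-Za-z0-9._-]+$/', $name)` would make the accepted set explicit rather than relying on directory-component stripping alone. The `if (isset($_POST['upload']))` block continues past the end of the first hunk.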