author | ramon <ramongomez@us.es> | 2016-10-03 11:38:47 +0000 |
---|---|---|
committer | ramon <ramongomez@us.es> | 2016-10-03 11:38:47 +0000 |
commit | 2a0be21fe0d0e2301589ea53082dd318bc4fb735 (patch) | |
tree | 106d29192dc3f15a8a21a919ab0340fa7bf6086e /admin | |
parent | ab4ab398540f82d29f64c073bc0a521ae37c179e (diff) |
#718: Mejorar la seguridad en la descarga de OGAgent en el formulario de propiedades del equipo.
git-svn-id: https://opengnsys.es/svn/branches/version1.1@5025 a21b9725-9963-47de-94b9-378ad31fedc9
Diffstat (limited to 'admin')
-rw-r--r-- | admin/WebConsole/descargas/index.php | 23 | ||||
-rw-r--r-- | admin/WebConsole/idiomas/php/cat/descargas_cat.php | 3 | ||||
-rw-r--r-- | admin/WebConsole/idiomas/php/eng/descargas_eng.php | 3 | ||||
-rw-r--r-- | admin/WebConsole/idiomas/php/esp/descargas_esp.php | 1 |
4 files changed, 21 insertions, 9 deletions
diff --git a/admin/WebConsole/descargas/index.php b/admin/WebConsole/descargas/index.php
index d6ff884d..edf7bd4a 100644
--- a/admin/WebConsole/descargas/index.php
+++ b/admin/WebConsole/descargas/index.php
@@ -18,7 +18,7 @@ if (isset($_POST['file'])) {
 // Send file.
 sendFile ($_POST['file']);
 } else {
- // Show files list.
+ // Show list of files.
 echo '<!DOCTYPE html>'."\n";
 echo '<html><head>'."\n";
 echo ' <link rel="stylesheet" type="text/css" href="../estilos.css" />'."\n";
@@ -27,15 +27,24 @@ if (isset($_POST['file'])) {
 echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">'."\n";
 echo ' <table>'."\n";
 echo ' <tr><th>'.$TbMsg['DOWNLOADS'].':</th></tr>'."\n";
- echo ' <tr><td><select name="file">'."\n";
 $filelist = glob("*");
+ $data = "";
 foreach ($filelist as $f) {
- // Skip this file.
- if ($f == basename(__FILE__)) continue;
- echo ' <option value="'.$f.'">'.$f.'</option>'."\n";
+ // Get only readable files, except this one.
+ if ($f !== basename(__FILE__) and is_file($f) and is_readable($f)) {
+ $data .= ' <option value="'.$f.'">'.$f.'</option>'."\n";
+ }
+ }
+ if (empty($data)) {
+ // Show warning message if there is no files to download.
+ echo ' <tr><td>'.$TbMsg['NOFILES'].'</td></tr>'."\n";
+ } else {
+ // Show available files.
+ echo ' <tr><td><select name="file">'."\n";
+ echo $data;
+ echo ' </select>'."\n";
+ echo ' <input type="submit" value="" style="width:20px; background:url(../images/boton_confirmar.gif);"></td></tr>'."\n";
 }
- echo ' </select>'."\n";
- echo ' <input type="submit" value="" style="width:20px; background:url(../images/boton_confirmar.gif);"></td></tr>'."\n";
 echo '</table>'."\n";
 echo '</form>'."\n";
 echo '</body></html>'."\n";
diff --git a/admin/WebConsole/idiomas/php/cat/descargas_cat.php b/admin/WebConsole/idiomas/php/cat/descargas_cat.php
index c737651b..08152fa6 100644
--- a/admin/WebConsole/idiomas/php/cat/descargas_cat.php
+++ b/admin/WebConsole/idiomas/php/cat/descargas_cat.php
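Review bot: In the second index.php hunk (@@ -27,15 +27,24 @@) the new `is_file`/`is_readable`/not-this-script filter is applied only while building the `<option>` list, whereas the POST branch shown as context in the first hunk still calls `sendFile ($_POST['file'])` with the raw request value. Unless `sendFile`, whose body is outside this diff, validates the name itself, the restriction only changes what the form displays; the handler should apply the same test, e.g. `$f = basename($_POST['file']);` followed by `if ($f !== basename(__FILE__) and is_file($f) and is_readable($f)) sendFile ($f);`. The file names are also written into the markup unescaped, so `$data .= ' <option value="'.htmlspecialchars($f, ENT_QUOTES).'">'.htmlspecialchars($f, ENT_QUOTES).'</option>'."\n";` would keep a name containing quotes or angle brackets from breaking the form. The enclosing `if`/`else` starts before the hunk.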
@@ -6,7 +6,8 @@ // Idioma: Català //______________________________________________________________ if (empty ($TbMsg)) $TbMsg=array(); -$TbMsg['DOWNLOADS']="descàrregues disponibles"; +$TbMsg['DOWNLOADS']="Descàrregues disponibles"; +$TbMsg['NOFILES']="No hi ha fitxers disponibles"; // Avís: no hi ha cap deixar caràcter fora del codi PHP. ?> diff --git a/admin/WebConsole/idiomas/php/eng/descargas_eng.php b/admin/WebConsole/idiomas/php/eng/descargas_eng.php index 73ad22a5..b04ef2a7 100644 --- a/admin/WebConsole/idiomas/php/eng/descargas_eng.php +++ b/admin/WebConsole/idiomas/php/eng/descargas_eng.php @@ -6,6 +6,7 @@ //______________________________________________________________ if (empty ($TbMsg)) $TbMsg=array(); $TbMsg['DOWNLOADS']="Available downloads"; +$TbMsg['NOFILES']="No files available"; -// Warning: Don't left any character outside PHP code. +// Warning: Do not leave characters out of PHP code. ?> diff --git a/admin/WebConsole/idiomas/php/esp/descargas_esp.php b/admin/WebConsole/idiomas/php/esp/descargas_esp.php index 1f1ed487..fa4898ff 100644 --- a/admin/WebConsole/idiomas/php/esp/descargas_esp.php +++ b/admin/WebConsole/idiomas/php/esp/descargas_esp.php @@ -7,6 +7,7 @@ //______________________________________________________________ if (empty ($TbMsg)) $TbMsg=array(); $TbMsg['DOWNLOADS']="Descargas disponibles"; +$TbMsg['NOFILES']="No hay ficheros disponibles"; // Aviso: no dejar ningún carácter fuera del código PHP. ?> |