authorramon <ramongomez@us.es>2016-10-03 11:38:47 +0000
committerramon <ramongomez@us.es>2016-10-03 11:38:47 +0000
commit2a0be21fe0d0e2301589ea53082dd318bc4fb735 (patch)
tree106d29192dc3f15a8a21a919ab0340fa7bf6086e /admin
parentab4ab398540f82d29f64c073bc0a521ae37c179e (diff)
#718: Mejorar la seguridad en la descarga de OGAgent en el formulario de propiedades del equipo.
git-svn-id: https://opengnsys.es/svn/branches/version1.1@5025 a21b9725-9963-47de-94b9-378ad31fedc9
Diffstat (limited to 'admin')
-rw-r--r--admin/WebConsole/descargas/index.php23
-rw-r--r--admin/WebConsole/idiomas/php/cat/descargas_cat.php3
-rw-r--r--admin/WebConsole/idiomas/php/eng/descargas_eng.php3
-rw-r--r--admin/WebConsole/idiomas/php/esp/descargas_esp.php1
4 files changed, 21 insertions, 9 deletions
diff --git a/admin/WebConsole/descargas/index.php b/admin/WebConsole/descargas/index.php
index d6ff884d..edf7bd4a 100644
--- a/admin/WebConsole/descargas/index.php
+++ b/admin/WebConsole/descargas/index.php
@@ -18,7 +18,7 @@ if (isset($_POST['file'])) {
// Send file.
sendFile ($_POST['file']);
} else {
- // Show files list.
+ // Show list of files.
echo '<!DOCTYPE html>'."\n";
echo '<html><head>'."\n";
echo ' <link rel="stylesheet" type="text/css" href="../estilos.css" />'."\n";
@@ -27,15 +27,24 @@ if (isset($_POST['file'])) {
echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">'."\n";
echo ' <table>'."\n";
echo ' <tr><th>'.$TbMsg['DOWNLOADS'].':</th></tr>'."\n";
- echo ' <tr><td><select name="file">'."\n";
$filelist = glob("*");
+ $data = "";
foreach ($filelist as $f) {
- // Skip this file.
- if ($f == basename(__FILE__)) continue;
- echo ' <option value="'.$f.'">'.$f.'</option>'."\n";
+ // Get only readable files, except this one.
+ if ($f !== basename(__FILE__) and is_file($f) and is_readable($f)) {
+ $data .= ' <option value="'.$f.'">'.$f.'</option>'."\n";
+ }
+ }
+ if (empty($data)) {
+ // Show warning message if there is no files to download.
+ echo ' <tr><td>'.$TbMsg['NOFILES'].'</td></tr>'."\n";
+ } else {
+ // Show available files.
+ echo ' <tr><td><select name="file">'."\n";
+ echo $data;
+ echo ' </select>'."\n";
+ echo ' <input type="submit" value="" style="width:20px; background:url(../images/boton_confirmar.gif);"></td></tr>'."\n";
}
- echo ' </select>'."\n";
- echo ' <input type="submit" value="" style="width:20px; background:url(../images/boton_confirmar.gif);"></td></tr>'."\n";
echo '</table>'."\n";
echo '</form>'."\n";
echo '</body></html>'."\n";
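Review bot: The file name reaches the page unescaped in the added line `$data .= ' <option value="'.$f.'">'.$f.'</option>'."\n";`, so a file in this directory whose name contains `"`, `<` or `&` alters the generated HTML. Escape it once and reuse it: `$name = htmlspecialchars($f, ENT_QUOTES, 'UTF-8');` then `$data .= ' <option value="'.$name.'">'.$name.'</option>'."\n";`; the browser still posts the original name. The unchanged form line above needs the same treatment, `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')`, because PHP_SELF can carry request-supplied path text. The new `is_file`/`is_readable` filter only shapes the displayed list; whether `sendFile()` applies an equivalent check to `$_POST['file']` is not visible in this diff and should be confirmed, since the posted value need not come from the list. The enclosing `else` block starts outside this hunk.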
diff --git a/admin/WebConsole/idiomas/php/cat/descargas_cat.php b/admin/WebConsole/idiomas/php/cat/descargas_cat.php
index c737651b..08152fa6 100644
--- a/admin/WebConsole/idiomas/php/cat/descargas_cat.php
+++ b/admin/WebConsole/idiomas/php/cat/descargas_cat.php
@@ -6,7 +6,8 @@
// Idioma: Català
//______________________________________________________________
if (empty ($TbMsg)) $TbMsg=array();
-$TbMsg['DOWNLOADS']="descàrregues disponibles";
+$TbMsg['DOWNLOADS']="Descàrregues disponibles";
+$TbMsg['NOFILES']="No hi ha fitxers disponibles";
// Avís: no hi ha cap deixar caràcter fora del codi PHP.
?>
diff --git a/admin/WebConsole/idiomas/php/eng/descargas_eng.php b/admin/WebConsole/idiomas/php/eng/descargas_eng.php
index 73ad22a5..b04ef2a7 100644
--- a/admin/WebConsole/idiomas/php/eng/descargas_eng.php
+++ b/admin/WebConsole/idiomas/php/eng/descargas_eng.php
@@ -6,6 +6,7 @@
//______________________________________________________________
if (empty ($TbMsg)) $TbMsg=array();
$TbMsg['DOWNLOADS']="Available downloads";
+$TbMsg['NOFILES']="No files available";
-// Warning: Don't left any character outside PHP code.
+// Warning: Do not leave characters out of PHP code.
?>
diff --git a/admin/WebConsole/idiomas/php/esp/descargas_esp.php b/admin/WebConsole/idiomas/php/esp/descargas_esp.php
index 1f1ed487..fa4898ff 100644
--- a/admin/WebConsole/idiomas/php/esp/descargas_esp.php
+++ b/admin/WebConsole/idiomas/php/esp/descargas_esp.php
@@ -7,6 +7,7 @@
//______________________________________________________________
if (empty ($TbMsg)) $TbMsg=array();
$TbMsg['DOWNLOADS']="Descargas disponibles";
+$TbMsg['NOFILES']="No hay ficheros disponibles";
// Aviso: no dejar ningún carácter fuera del código PHP.
?>