captive-portal: Move CGI files to CGI directory

Previously the assets directory has ExecCGI privileges which is not at all required and potentially dangerous. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-27 11:13:24 +02:00 · 2017-04-21 16:46:49 +01:00
parent d57e8c67bc
commit 0a02d9bb0c
4 changed files with 8 additions and 9 deletions
--- a/html/cgi-bin/captive/redirect.cgi
+++ b/html/cgi-bin/captive/redirect.cgi
@@ -0,0 +1,58 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2016 Alexander Marx alexander.marx@ipfire.org                 #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+use URI::Escape;
+use CGI::Carp qw(fatalsToBrowser);
+
+require '/var/ipfire/general-functions.pl';
+
+my $url = "http://$ENV{'SERVER_NAME'}$ENV{'REQUEST_URI'}";
+my $safe_url = uri_escape($url);
+
+my %settingshash = ();
+my %ethernethash = ();
+my $target;
+
+# Read settings
+&General::readhash("${General::swroot}/captive/settings", \%settingshash);
+&General::readhash("${General::swroot}/ethernet/settings", \%ethernethash);
+
+# Get the client's IP address
+my $client_address = $ENV{X_FORWARDED_FOR} || $ENV{REMOTE_ADDR} || "";
+
+if ($settingshash{'ENABLE_GREEN'} eq "on" && $ethernethash{'GREEN_ADDRESS'} ne '') {
+	if (&General::IpInSubnet($client_address, $ethernethash{'GREEN_ADDRESS'}, $ethernethash{'GREEN_NETMASK'})) {
+		$target = $ethernethash{'GREEN_ADDRESS'};
+	}
+
+} elsif($settingshash{'ENABLE_BLUE'} eq "on" && $ethernethash{'BLUE_ADDRESS'} ne '') {
+	if (&General::IpInSubnet($client_address, $ethernethash{'BLUE_ADDRESS'}, $ethernethash{'BLUE_NETMASK'})) {
+		$target = $ethernethash{'BLUE_ADDRESS'};
+	}
+
+} else {
+	exit 0;
+}
+
+print "Status: 302 Moved Temporarily\n";
+print "Location: http://$target:1013/cgi-bin/index.cgi?redirect=$safe_url\n";
+print "Connection: close\n\n";