backup: Sanitise content of ADDON variable

References: #11830 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-18 23:12:59 +02:00 · 2018-08-30 10:28:45 +01:00
parent 7f6257e0a4
commit 614764e58a
1 changed files with 6 additions and 0 deletions
--- a/html/cgi-bin/backup.cgi
+++ b/html/cgi-bin/backup.cgi
@@ -124,6 +124,12 @@ if ( $cgiparams{'ACTION'} eq "backup" )
 }
 if ( $cgiparams{'ACTION'} eq "addonbackup" )
 {
+	# Exit if there is any dots or slashes in the addon name
+	exit(1) if ($cgiparams{'ADDON'} =~ /(\.|\/)/);
+
+	# Check if the addon exists
+	exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}");
+
 	system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
 }
 elsif ( $cgiparams{'ACTION'} eq "delete" )