diff options
author | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2009-01-06 14:27:12 +0000 |
---|---|---|
committer | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2009-01-06 14:27:12 +0000 |
commit | 95d2d94146c2d5c97f3a532dd211a9c729ac1b43 (patch) | |
tree | 6b4efd77ce66be293b8a7a0e7d7c558c32f8f432 /gui | |
parent | 3a8648ba285491f67c75c92e5e532f2b6e74ad8b (diff) |
No need to move the tarball to a hard-wired location under /tmp .
git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@6561 283159da-0705-0410-b60c-f2062b4bb6ad
Diffstat (limited to 'gui')
-rw-r--r-- | gui/index.php | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/gui/index.php b/gui/index.php index aede7c7..891680c 100644 --- a/gui/index.php +++ b/gui/index.php @@ -41,11 +41,9 @@ if (isset($_REQUEST["submit"])) $error = "Bad file uploaded: " . $_FILES['filename']['name']; break; } - if (!move_uploaded_file($_FILES["filename"]["tmp_name"], "/tmp/remote-access.tar.gz")) { - $error = "Bad file uploaded: " . $_FILES['filename']['name']; - break; - } - system("sudo -H -u rapid-tunneling rapid-tunneling /tmp/remote-access.tar.gz >/tmp/ra.log 2>&1", $ret); + # FIXME: insecure temporary file /tmp/ra.log + system("sudo -H -u rapid-tunneling rapid-tunneling ". + $_FILES["filename"]["tmp_name"]." >/tmp/ra.log 2>&1", $ret); if ($ret != 0) { $error = "Invalid or corrupt file. Please try again."; if ( $ret == 7) { |