No need to move the tarball to a hard-wired location under /tmp .

git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@6561 283159da-0705-0410-b60c-f2062b4bb6ad

1 files changed, 3 insertions, 5 deletions

diff --git a/gui/index.php b/gui/index.php
index aede7c7..891680c 100644
--- a/gui/index.php
+++ b/gui/index.php
@@ -41,11 +41,9 @@ if (isset($_REQUEST["submit"]))
 			$error = "Bad file uploaded: " . $_FILES['filename']['name'];
 			break;
 		}
-		if (!move_uploaded_file($_FILES["filename"]["tmp_name"], "/tmp/remote-access.tar.gz")) {
-			$error = "Bad file uploaded: " . $_FILES['filename']['name'];
-			break;
-		}
-		system("sudo -H -u rapid-tunneling rapid-tunneling /tmp/remote-access.tar.gz >/tmp/ra.log 2>&1", $ret);
+		# FIXME: insecure temporary file /tmp/ra.log
+		system("sudo -H -u rapid-tunneling rapid-tunneling ".
+			$_FILES["filename"]["tmp_name"]." >/tmp/ra.log 2>&1", $ret);
 		if ($ret != 0) {
 			$error = "Invalid or corrupt file. Please try again.";
 			if ( $ret == 7) {