diff options
-rw-r--r-- | gui/index.php | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/gui/index.php b/gui/index.php index aede7c7..891680c 100644 --- a/gui/index.php +++ b/gui/index.php @@ -41,11 +41,9 @@ if (isset($_REQUEST["submit"])) $error = "Bad file uploaded: " . $_FILES['filename']['name']; break; } - if (!move_uploaded_file($_FILES["filename"]["tmp_name"], "/tmp/remote-access.tar.gz")) { - $error = "Bad file uploaded: " . $_FILES['filename']['name']; - break; - } - system("sudo -H -u rapid-tunneling rapid-tunneling /tmp/remote-access.tar.gz >/tmp/ra.log 2>&1", $ret); + # FIXME: insecure temporary file /tmp/ra.log + system("sudo -H -u rapid-tunneling rapid-tunneling ". + $_FILES["filename"]["tmp_name"]." >/tmp/ra.log 2>&1", $ret); if ($ret != 0) { $error = "Invalid or corrupt file. Please try again."; if ( $ret == 7) { |