summaryrefslogtreecommitdiff
path: root/gui
diff options
context:
space:
mode:
Diffstat (limited to 'gui')
-rw-r--r--gui/index.php8
1 files changed, 3 insertions, 5 deletions
diff --git a/gui/index.php b/gui/index.php
index aede7c7..891680c 100644
--- a/gui/index.php
+++ b/gui/index.php
@@ -41,11 +41,9 @@ if (isset($_REQUEST["submit"]))
$error = "Bad file uploaded: " . $_FILES['filename']['name'];
break;
}
- if (!move_uploaded_file($_FILES["filename"]["tmp_name"], "/tmp/remote-access.tar.gz")) {
- $error = "Bad file uploaded: " . $_FILES['filename']['name'];
- break;
- }
- system("sudo -H -u rapid-tunneling rapid-tunneling /tmp/remote-access.tar.gz >/tmp/ra.log 2>&1", $ret);
+ # FIXME: insecure temporary file /tmp/ra.log
+ system("sudo -H -u rapid-tunneling rapid-tunneling ".
+ $_FILES["filename"]["tmp_name"]." >/tmp/ra.log 2>&1", $ret);
if ($ret != 0) {
$error = "Invalid or corrupt file. Please try again.";
if ( $ret == 7) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-01 12:39:28 +0000