From 95d2d94146c2d5c97f3a532dd211a9c729ac1b43 Mon Sep 17 00:00:00 2001
From: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
Date: Tue, 6 Jan 2009 14:27:12 +0000
Subject: No need to move the tarball to a hard-wired location under /tmp .

git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@6561 283159da-0705-0410-b60c-f2062b4bb6ad
---
 gui/index.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'gui')

diff --git a/gui/index.php b/gui/index.php
index aede7c7..891680c 100644
--- a/gui/index.php
+++ b/gui/index.php
@@ -41,11 +41,9 @@ if (isset($_REQUEST["submit"]))
 			$error = "Bad file uploaded: " . $_FILES['filename']['name'];
 			break;
 		}
-		if (!move_uploaded_file($_FILES["filename"]["tmp_name"], "/tmp/remote-access.tar.gz")) {
-			$error = "Bad file uploaded: " . $_FILES['filename']['name'];
-			break;
-		}
-		system("sudo -H -u rapid-tunneling rapid-tunneling /tmp/remote-access.tar.gz >/tmp/ra.log 2>&1", $ret);
+		# FIXME: insecure temporary file /tmp/ra.log
+		system("sudo -H -u rapid-tunneling rapid-tunneling ".
+			$_FILES["filename"]["tmp_name"]." >/tmp/ra.log 2>&1", $ret);
 		if ($ret != 0) {
 			$error = "Invalid or corrupt file. Please try again.";
 			if ( $ret == 7) {
-- 
cgit v1.2.3