Permalink
Show file tree
Hide file tree
64 changes: 56 additions & 8 deletions
64
buildroot-external/patches/occu/0031-WebUI-Fix-FileUpload.patch
62 changes: 55 additions & 7 deletions
62
...root-external/patches/occu/0031-WebUI-Fix-FileUpload/occu/WebUI/www/config/fileupload.ccc
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
reworked fileupload.ccc in 0031-WebUI-Fix-FileUpload WebUI patch to
contain several security checks for a valid admin session id and query string checks as well as omitting the critical use of "eval" to parse the URL query string altogether. This should significantly improve the security burden, thus fix a security issue raised by @qx-f7
- Loading branch information
Showing
2 changed files
with
111 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters