Merge pull request #1491 from RaspAP/fix/sanitize-ajax

Security roundup
RaspAP · Dec 31, 2023 · b2c78ff · b2c78ff
2 parents fd38a22 + ebfb138
commit b2c78ff
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 97 deletions.
diff --git a/ajax/networking/save_net_dev_config.php b/ajax/networking/save_net_dev_config.php
diff --git a/ajax/system/sys_get_logfile.php b/ajax/system/sys_get_logfile.php
@@ -3,9 +3,10 @@
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
 
-$filePath = $_GET['filePath'];
+$tempDir = sys_get_temp_dir();
+$filePath = $tempDir . DIRECTORY_SEPARATOR . RASPI_DEBUG_LOG;
 
-if (isset($filePath) && strpos($filePath, RASPI_DEBUG_LOG) !== false) {
+if (isset($filePath)) {
     header('Content-Type: application/octet-stream');
     header('Content-Disposition: attachment; filename='.basename($filePath));
     header('Expires: 0');

diff --git a/app/js/custom.js b/app/js/custom.js
@@ -270,8 +270,7 @@ function setDHCPToggles(state) {
 $('#debugModal').on('shown.bs.modal', function (e) {
   var csrfToken = $('meta[name=csrf_token]').attr('content');
   $.post('ajax/system/sys_debug.php',{'csrf_token': csrfToken},function(data){
-        var filePath = JSON.parse(data);
-        window.location.replace('/ajax/system/sys_get_logfile.php?filePath='+filePath);
+        window.location.replace('/ajax/system/sys_get_logfile.php');
         $('#debugModal').modal('hide');
     });
 });