mirror of
https://github.com/RaspAP/raspap-webgui.git
synced 2024-11-21 23:20:22 +00:00
Revert "Sanitize path to prevent directory traversal"
This reverts commit 2cdf6ef53e
.
This commit is contained in:
parent
2cdf6ef53e
commit
79d33db2bf
2 changed files with 7 additions and 10 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -5,3 +5,4 @@ yarn-error.log
|
|||
includes/config.php
|
||||
rootCA.pem
|
||||
vendor
|
||||
.env
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
import subprocess
|
||||
import re
|
||||
import os
|
||||
|
||||
def configs():
|
||||
#ignore symlinks, because wg0.conf is in production the main config, but in insiders it is a symlink
|
||||
|
@ -25,16 +24,13 @@ def client_config_list(client_config):
|
|||
if not re.match(pattern, client_config):
|
||||
raise ValueError("Invalid client_config")
|
||||
|
||||
# sanitize path to prevent directory traversal
|
||||
client_config = os.path.basename(client_config)
|
||||
|
||||
config_path = os.path.join("/etc/wireguard/", client_config)
|
||||
if not os.path.exists(config_path):
|
||||
raise FileNotFoundError("Client configuration file not found")
|
||||
|
||||
config_path = f"/etc/wireguard/{client_config}"
|
||||
try:
|
||||
with open(config_path, 'r') as f:
|
||||
output = f.read().strip()
|
||||
return output.split('\n')
|
||||
except FileNotFoundError:
|
||||
raise FileNotFoundError("Client configuration file not found")
|
||||
|
||||
#TODO: where is the logfile??
|
||||
#TODO: is service connected?
|
||||
|
|
Loading…
Reference in a new issue