From d896c0fafd3514308ecc2053f7f10688ecffa6fb Mon Sep 17 00:00:00 2001
From: Conrad Lara - KG6JEI <KG6JEI@amsat.org>
Date: Tue, 24 Jan 2017 20:06:43 -0800
Subject: [PATCH] Bugfix: read_postdata() accepts files when not expected

Correct read_postdata() to only accept files from pages that are
specifically designed to accept files.

This should be limited to authenticated pages only.

Backport SCS-2017-001

Related to  Ic40f19a88e543d83a8097abcd4e7254ccea90f49

Conflicts:

	files/www/cgi-bin/admin
---
 files/www/cgi-bin/admin       | 2 +-
 files/www/cgi-bin/perlfunc.pm | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/files/www/cgi-bin/admin b/files/www/cgi-bin/admin
index d3770588..4fd987d9 100755
--- a/files/www/cgi-bin/admin
+++ b/files/www/cgi-bin/admin
@@ -57,7 +57,7 @@ sub firmware_list_gen
 
 $debug = 0;
 $| = 1;
-read_postdata();
+read_postdata({acceptfile => true});
 read_query_string();
 $node = nvram_get("node");
 $tmpdir = "/tmp/web/admin";
diff --git a/files/www/cgi-bin/perlfunc.pm b/files/www/cgi-bin/perlfunc.pm
index a32b8da9..7e56a821 100644
--- a/files/www/cgi-bin/perlfunc.pm
+++ b/files/www/cgi-bin/perlfunc.pm
@@ -165,6 +165,7 @@ sub fgets
 # (from STDIN in method=post form)
 sub read_postdata
 {
+    my ($pdc) = @_;
     if ( $ENV{REQUEST_METHOD} != "POST" || !$ENV{CONTENT_LENGTH}){ return; };
     my ($line, $parm, $file, $handle, $tmp);
     my $state = "boundary";
@@ -187,7 +188,7 @@ sub read_postdata
 	    if(($parm, $file) = $line =~ /^$prefix name="(\w+)"; filename="(.*)"$/)
 	    { # file upload
 		$parms{$parm} = $file;
-		if($file) { $state = "ctype" }
+		if($file && $pdc->{acceptfile}) { $state = "ctype" }
 		else      { $state = "boundary" }
 	    }
 	    elsif(($parm) = $line =~ /^$prefix name="(\w+)"$/)