Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>


Am 01.08.2023 um 17:48 schrieb Stefan Schantl:
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>   html/cgi-bin/extrahd.cgi | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi
> index 122f1d12d..bd64dff07 100644
> --- a/html/cgi-bin/extrahd.cgi
> +++ b/html/cgi-bin/extrahd.cgi
> @@ -667,6 +667,10 @@ sub is_mounted ($) {
>   sub is_valid_dir ($) {
>   	my ($mpoint) = @_;
>   
> +	# Do not allow "/mnt" or "/media" as mount points.
> +	return if($mpoint eq "/mnt");
> +	return if($mpoint eq "/media");
> +
>   	# Split the given mountpoint into pieces and store them
>   	# in a temporay array.
>   	my @tmp = split("/", $mpoint);