From 14de24303ed5526a36d0bd155c208b9dfff13928 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Wed, 29 Apr 2009 19:15:54 +0000
Subject: [PATCH] "prevent empty account-names from deleting whole /home"

---
 phpgwapi/inc/class.vfs_home_hooks.inc.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/phpgwapi/inc/class.vfs_home_hooks.inc.php b/phpgwapi/inc/class.vfs_home_hooks.inc.php
index 66a46961a1..7507e5e7b5 100644
--- a/phpgwapi/inc/class.vfs_home_hooks.inc.php
+++ b/phpgwapi/inc/class.vfs_home_hooks.inc.php
@@ -89,11 +89,15 @@ class vfs_home_hooks
 			// make the new owner the owner of the dir and it's content
 			egw_vfs::find($new_dir,array(),array('egw_vfs','chown'),$data['new_owner']);
 		}
-		else
+		elseif(!empty($data['account_lid']) && $data['account_lid'] != '/')
 		{
 			// delete the user-directory
 			egw_vfs::remove('/home/'.$data['account_lid']);
 		}
+		else
+		{
+			throw new egw_exception_assertion_failed(__METHOD__.'('.array2string($data).') account_lid NOT set!');
+		}
 		egw_vfs::$is_root = false;
 	}
 
@@ -147,6 +151,11 @@ class vfs_home_hooks
 	static function deleteGroup($data)
 	{
 		if (self::LOG_LEVEL > 0) error_log(__METHOD__.'('.array2string($data).')');
+
+		if(empty($data['account_name']) || $data['account_name'] == '/')
+		{
+			throw new egw_exception_assertion_failed(__METHOD__.'('.array2string($data).') account_name NOT set!');
+		}
 		// delete the group-directory
 		egw_vfs::$is_root = true;
 		egw_vfs::remove('/home/'.$data['account_name']);