some precaution to never allow to (recursively) remove /, /apps or /home
parent
b928db2182
commit
7ec34336f3
@ -61,6 +61,7 @@ class filemanager_ui
|
||||
in_array($user,split(', *',$GLOBALS['egw_info']['server']['vfs_root_user'])) &&
|
||||
$GLOBALS['egw']->auth->authenticate($user, $password, 'text');
|
||||
}
|
||||
//echo "<p>".__METHOD__."('$user','$password') user_pw_hash(...)='".egw_session::user_pw_hash($user,$password)."', config_hash='{$GLOBALS['egw_info']['server']['config_hash']}' --> returning ".array2string($is_root)."</p>\n";
|
||||
return egw_session::appsession('is_root','filemanager',egw_vfs::$is_root = $is_root);
|
||||
}
|
||||
|
||||
@ -423,6 +424,14 @@ class filemanager_ui
|
||||
}
|
||||
if ($selected) // somethings left to delete
|
||||
{
|
||||
// some precaution to never allow to (recursivly) remove /, /apps or /home
|
||||
foreach((array)$selected as $path)
|
||||
{
|
||||
if (preg_match('/^\/?(home|apps|)\/*$/',$path))
|
||||
{
|
||||
return lang("Cautiously rejecting to remove folder '$path'!");
|
||||
}
|
||||
}
|
||||
// now we use find to loop through all files and dirs: (selected only contains dirs now)
|
||||
// - depth=true to get first the files and then the dir containing it
|
||||
// - hidden=true to also return hidden files (eg. Thumbs.db), as we cant delete non-empty dirs
|
||||
|
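Review bot: The guard `preg_match('/^\/?(home|apps|)\/*$/',$path)` in the delete branch compares the raw string, so it only recognises the literal spellings of /, /apps and /home; a path that names the same folder with a doubled leading slash or a `.`/`..` segment does not match, and the hunk does not show whether `$selected` is canonicalised before this point. The same pattern is used in `egw_vfs::remove()` in the other file, which is the layer every caller goes through, so the normalisation belongs there first. I would collapse repeated slashes and refuse dot segments before comparing, e.g. `$p = '/'.trim(preg_replace('#/+#','/',$path),'/');` followed by `if (in_array($p,array('/','/home','/apps'),true) || preg_match('#(^|/)\.\.?(/|$)#',$p))`. The enclosing method starts and ends outside the hunk.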
@ -657,8 +657,16 @@ class egw_vfs extends vfs_stream_wrapper
|
||||
*/
|
||||
static function remove($urls,$allow_urls=false)
|
||||
{
|
||||
//error_log(__METHOD__.'('.print_r($urls).')');
|
||||
return self::find($urls,array('depth'=>true,'url'=>$allow_urls),array(__CLASS__,'_rm_rmdir'));
|
||||
//error_log(__METHOD__.'('.array2string($urls).')');
|
||||
// some precaution to never allow to (recursivly) remove /, /apps or /home
|
||||
foreach((array)$urls as $url)
|
||||
{
|
||||
if (preg_match('/^\/?(home|apps|)\/*$/',parse_url($url,PHP_URL_PATH)))
|
||||
{
|
||||
throw new egw_exception_assertion_failed(__METHOD__.'('.array2string($urls).") Cautiously rejecting to remove folder '$url'!");
|
||||
}
|
||||
}
|
||||
return self::find($urls,array('depth'=>true,'url'=>$allow_urls,'hidden'=>true),array(__CLASS__,'_rm_rmdir'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
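Review bot: `remove()` now throws `egw_exception_assertion_failed` for /, /apps and /home, but nothing visible in the docblock that closes just above the signature tells callers so; add `@throws egw_exception_assertion_failed if one of $urls is /, /apps or /home` there. The new `'hidden'=>true` in the `find()` call is also undocumented here, although it widens what a recursive remove deletes; a one-line comment such as `// hidden=true: also remove hidden files, otherwise non-empty dirs can't be deleted` would match the explanation given in filemanager_ui. The docblock itself starts outside the hunk, so it may already cover part of this.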