diff options
author | adam <adam@> | 2021-02-14 10:50:31 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-14 10:50:31 +0200 |
commit | 47a01771243568017a5aedfb948a7fb2bf9543f8 (patch) | |
tree | fd1617dce8dc24af3b0536dadbafe11dc3a10764 | |
parent | 8c5e2a88177786da775deb551ea24cca26a686a2 (diff) | |
download | fileup-47a01771243568017a5aedfb948a7fb2bf9543f8.tar.gz |
added some sanity checks
-rw-r--r-- | php/move.php | 4 | ||||
-rw-r--r-- | php/node.php | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/php/move.php b/php/move.php index 945c697..d1bbbfc 100644 --- a/php/move.php +++ b/php/move.php @@ -26,7 +26,9 @@ $homedir = $user->home_directory; $old_dir = get_directory($old_folder, $user); $new_dir = get_directory($new_folder, $user); -if (!$old_dir || !$new_dir) { +$trash_dir = get_directory("/trash",$user); +$share_dir = get_directory("/share",$user); +if (!$old_dir || !$new_dir || $old_dir==$user->home_directory || $old_dir==$trash_dir || $old_dir==$share_dir) { error_log("invalid src/dst dir"); http_response_code(409); exit(0); diff --git a/php/node.php b/php/node.php index 0593211..a67cd38 100644 --- a/php/node.php +++ b/php/node.php @@ -74,6 +74,10 @@ require_once "user.php"; { global $database; $parent_dir_id=get_directory($abstract_path,$user); + if($parent_dir_id==$user->home_directory && ($filename=="share" || $filename=="trash")) + { + return ; + } $database->unlink_nodes($parent_dir_id,$filename); } function create_share_link(string $abstract_path,string $filename,string $password, |