aboutsummaryrefslogtreecommitdiffstats
path: root/php/move.php
diff options
context:
space:
mode:
authorAlex Vitkov <alexvitkov98@gmail.com>2021-03-20 10:58:25 +0200
committerAlex Vitkov <alexvitkov98@gmail.com>2021-03-20 10:58:25 +0200
commit0255b5f7f31c4c6caefc736c59ba6959d671a92d (patch)
tree0bdad18ce5a702b7133b5169fb40d7951a8c105e /php/move.php
parentcb3949d974f30501281fd2546ef23c81ac0282b3 (diff)
downloadfileup-0255b5f7f31c4c6caefc736c59ba6959d671a92d.tar.gz
Broke up loggedin.js into modules
Diffstat (limited to 'php/move.php')
-rw-r--r--php/move.php25
1 files changed, 23 insertions, 2 deletions
diff --git a/php/move.php b/php/move.php
index 5b8df30..ab70adf 100644
--- a/php/move.php
+++ b/php/move.php
@@ -13,9 +13,10 @@ if (!isset($_POST['old_folder']) || !isset($_POST['new_folder']) || !isset($_POS
exit(1);
}
-/*filename as we want it to be in the directory*/
+// what the name will be in the new directory
$new_filename = $_POST["filename"];
-/*filename as it is in the directory*/
+
+// what the name WAS in the old directory
$old_filename = $_POST["filename"];
if (isset($_POST['new_filename']))
@@ -31,6 +32,26 @@ $new_dir = get_directory($new_folder, $user);
$trash_dir = get_directory("/trash",$user);
$share_dir = get_directory("/share",$user);
+function path_combine($a, $b) {
+ $last_char = substr($a, -1);
+ if ($last_char == "/")
+ return $a . $b;
+ else
+ return $a . "/" . $b;
+}
+
+// We cannot move the folder '/foo' inside '/foo/bar'
+{
+ $old_path = path_combine($old_folder, $old_filename);
+
+ if (substr($new_folder, 0, strlen($old_path)) == $old_path) {
+ error_log("trying to move a parent directory into a subdirectory");
+ http_response_code(409);
+ exit(0);
+ }
+}
+
+
if (!$old_dir || !$new_dir || ($old_dir==$user->home_directory && ($old_filename=="share" || $old_filename=="trash"))) {
error_log("invalid src/dst dir");
http_response_code(409);