diff options
author | Alex Vitkov <alexvitkov98@gmail.com> | 2021-03-20 10:58:25 +0200 |
---|---|---|
committer | Alex Vitkov <alexvitkov98@gmail.com> | 2021-03-20 10:58:25 +0200 |
commit | 0255b5f7f31c4c6caefc736c59ba6959d671a92d (patch) | |
tree | 0bdad18ce5a702b7133b5169fb40d7951a8c105e /php/move.php | |
parent | cb3949d974f30501281fd2546ef23c81ac0282b3 (diff) | |
download | fileup-0255b5f7f31c4c6caefc736c59ba6959d671a92d.tar.gz |
Broke up loggedin.js into modules
Diffstat (limited to 'php/move.php')
-rw-r--r-- | php/move.php | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/php/move.php b/php/move.php index 5b8df30..ab70adf 100644 --- a/php/move.php +++ b/php/move.php @@ -13,9 +13,10 @@ if (!isset($_POST['old_folder']) || !isset($_POST['new_folder']) || !isset($_POS exit(1); } -/*filename as we want it to be in the directory*/ +// what the name will be in the new directory $new_filename = $_POST["filename"]; -/*filename as it is in the directory*/ + +// what the name WAS in the old directory $old_filename = $_POST["filename"]; if (isset($_POST['new_filename'])) @@ -31,6 +32,26 @@ $new_dir = get_directory($new_folder, $user); $trash_dir = get_directory("/trash",$user); $share_dir = get_directory("/share",$user); +function path_combine($a, $b) { + $last_char = substr($a, -1); + if ($last_char == "/") + return $a . $b; + else + return $a . "/" . $b; +} + +// We cannot move the folder '/foo' inside '/foo/bar' +{ + $old_path = path_combine($old_folder, $old_filename); + + if (substr($new_folder, 0, strlen($old_path)) == $old_path) { + error_log("trying to move a parent directory into a subdirectory"); + http_response_code(409); + exit(0); + } +} + + if (!$old_dir || !$new_dir || ($old_dir==$user->home_directory && ($old_filename=="share" || $old_filename=="trash"))) { error_log("invalid src/dst dir"); http_response_code(409); |