diff options
author | adam <adam@> | 2021-02-14 10:50:31 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-14 10:50:31 +0200 |
commit | 47a01771243568017a5aedfb948a7fb2bf9543f8 (patch) | |
tree | fd1617dce8dc24af3b0536dadbafe11dc3a10764 /php/move.php | |
parent | 8c5e2a88177786da775deb551ea24cca26a686a2 (diff) | |
download | fileup-47a01771243568017a5aedfb948a7fb2bf9543f8.tar.gz |
added some sanity checks
Diffstat (limited to 'php/move.php')
-rw-r--r-- | php/move.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/php/move.php b/php/move.php index 945c697..d1bbbfc 100644 --- a/php/move.php +++ b/php/move.php @@ -26,7 +26,9 @@ $homedir = $user->home_directory; $old_dir = get_directory($old_folder, $user); $new_dir = get_directory($new_folder, $user); -if (!$old_dir || !$new_dir) { +$trash_dir = get_directory("/trash",$user); +$share_dir = get_directory("/share",$user); +if (!$old_dir || !$new_dir || $old_dir==$user->home_directory || $old_dir==$trash_dir || $old_dir==$share_dir) { error_log("invalid src/dst dir"); http_response_code(409); exit(0); |