aboutsummaryrefslogtreecommitdiffstats
path: root/php/move.php
diff options
context:
space:
mode:
authoradam <adam@>2021-02-14 15:14:06 +0200
committeradam <adam@>2021-02-14 15:14:06 +0200
commit69239c2a520438b158c23259d8e37f32b4890331 (patch)
treeb039adcb92a86b730ab2e995f88ca0a70e65145e /php/move.php
parent9f480bbf41205ce77d3d5075f51d91683ebcbacc (diff)
downloadfileup-69239c2a520438b158c23259d8e37f32b4890331.tar.gz
fixed sanity checks
Diffstat (limited to 'php/move.php')
-rw-r--r--php/move.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/php/move.php b/php/move.php
index d1bbbfc..a663c5a 100644
--- a/php/move.php
+++ b/php/move.php
@@ -13,7 +13,9 @@ if (!isset($_POST['old_folder']) || !isset($_POST['new_folder']) || !isset($_POS
exit(1);
}
+/*filename as we want it to be in the directory*/
$new_filename = $_POST["filename"];
+/*filename as it is in the directory*/
$old_filename = $_POST["filename"];
if (isset($_POST['new_filename']))
@@ -28,7 +30,8 @@ $old_dir = get_directory($old_folder, $user);
$new_dir = get_directory($new_folder, $user);
$trash_dir = get_directory("/trash",$user);
$share_dir = get_directory("/share",$user);
-if (!$old_dir || !$new_dir || $old_dir==$user->home_directory || $old_dir==$trash_dir || $old_dir==$share_dir) {
+
+if (!$old_dir || !$new_dir || ($old_dir==$user->home_directory && ($old_filename=="share" || $old_filename=="trash"))) {
error_log("invalid src/dst dir");
http_response_code(409);
exit(0);