From 69239c2a520438b158c23259d8e37f32b4890331 Mon Sep 17 00:00:00 2001
From: adam
Date: Sun, 14 Feb 2021 15:14:06 +0200
Subject: fixed sanity checks
---
 php/configuration.php | 48 +++++++++++++++++++++++++-----------------------
 php/configuration.php.of | 28 ++++++++++++++++++++++++++++
 php/move.php | 5 ++++-
 3 files changed, 57 insertions(+), 24 deletions(-)
 create mode 100644 php/configuration.php.of
diff --git a/php/configuration.php b/php/configuration.php
index 1f2f423..236db70 100644
--- a/php/configuration.php
+++ b/php/configuration.php
@@ -1,28 +1,30 @@
\ No newline at end of file
+?>
diff --git a/php/configuration.php.of b/php/configuration.php.of
new file mode 100644
index 0000000..1f2f423
--- /dev/null
+++ b/php/configuration.php.of
@@ -0,0 +1,28 @@
+
\ No newline at end of file
diff --git a/php/move.php b/php/move.php
index d1bbbfc..a663c5a 100644
--- a/php/move.php
+++ b/php/move.php
@@ -13,7 +13,9 @@ if (!isset($_POST['old_folder']) || !isset($_POST['new_folder']) || !isset($_POS
 exit(1);
 }
+/*filename as we want it to be in the directory*/
 $new_filename = $_POST["filename"];
+/*filename as it is in the directory*/
 $old_filename = $_POST["filename"];
 if (isset($_POST['new_filename']))
@@ -28,7 +30,8 @@ $old_dir = get_directory($old_folder, $user);
 $new_dir = get_directory($new_folder, $user);
 $trash_dir = get_directory("/trash",$user);
 $share_dir = get_directory("/share",$user);
-if (!$old_dir || !$new_dir || $old_dir==$user->home_directory || $old_dir==$trash_dir || $old_dir==$share_dir) {
+
+if (!$old_dir || !$new_dir || ($old_dir==$user->home_directory && ($old_filename=="share" || $old_filename=="trash"))) {
 error_log("invalid src/dst dir");
 http_response_code(409);
 exit(0);
--
cgit v1.2.3
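Review bot: `php/configuration.php.of` is added with blob `1f2f423`, the same blob as the pre-change `php/configuration.php`, so this commit checks a backup copy of the old configuration into the `php/` directory beside the served scripts. A `.of` suffix is normally not mapped to the PHP handler, so if that directory is web-reachable the file would likely be returned as plain text, exposing whatever settings or credentials it holds (its contents are not visible on this page). The old version is already preserved in history, so the file can be dropped with `git rm php/configuration.php.of`. If a copy must stay on disk, keep it outside the document root and deny the suffix in the server configuration.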
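Review bot: The rewritten guard `($old_dir==$user->home_directory && ($old_filename=="share" || $old_filename=="trash"))` protects the two special directories only when the posted name is spelled exactly that way, because `$old_filename` is the raw `$_POST["filename"]` value and nothing in the hunk reduces it to a single path component first. Before this check, reject any name for which `basename($old_filename) !== $old_filename` or that is `.`/`..`, and switch the comparisons to `===`. The destination is not guarded here: `$new_filename` may itself be "share" or "trash" with `$new_dir` equal to the home directory, and whether later code (outside the hunk) prevents that is not visible. `$trash_dir` and `$share_dir` are still computed but no longer used by this condition, so the commit also lifts the earlier ban on moving entries out of those directories, which is worth confirming as intended.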