stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-19 19:09:13 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Forbid from add symbolink link in admin server add. Read ticket #744 for more details.

Browse Source
This commit is contained in:
Jan Koprowski
2009-09-12 20:36:02 +02:00
committed by Bharat Mediratta
parent 59eadacc67
commit 7cc37451f4
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
modules/server_add/controllers/admin_server_add.php
View File

@@ -34,15 +34,17 @@ class Admin_Server_Add_Controller extends Admin_Controller {
$form = $this->_get_admin_form();
$paths = unserialize(module::get_var("server_add", "authorized_paths", "a:0:{}"));
if ($form->validate()) {
if (is_readable($form->add_path->path->value)) {
if (is_link($form->add_path->path->value)) {
$form->add_path->path->add_error("is_symlink", 1);
} else if (! is_readable($form->add_path->path->value)) {
$form->add_path->path->add_error("not_readable", 1);
} else {
$path = $form->add_path->path->value;
$paths[$path] = 1;
module::set_var("server_add", "authorized_paths", serialize($paths));
message::success(t("Added path %path", array("path" => $path)));
server_add::check_config($paths);
url::redirect("admin/server_add");
} else {
$form->add_path->path->add_error("not_readable", 1);
}
}
@@ -84,9 +86,10 @@ class Admin_Server_Add_Controller extends Admin_Controller {
array("id" => "gServerAddAdminForm"));
$add_path = $form->group("add_path");
$add_path->input("path")->label(t("Path"))->rules("required")
->error_messages("not_readable", t("This directory is not readable by the webserver"));
->error_messages("not_readable", t("This directory is not readable by the webserver"))
->error_messages("is_symlink", t("Path can not be symbolic link"));
$add_path->submit("add")->value(t("Add Path"));
return $form;
}
}
}