* uninstall: do not allow directories outside BASE

* uninstall: do not allow absolute paths
slawkens 2018-01-08 17:19:56 +01:00
parent 5aa1ae003e
commit 4f0fca021c
2 changed files with 21 additions and 8 deletions


@ -236,16 +236,32 @@ class Plugins {
else { else {
$success = true; $success = true;
foreach($plugin_info['uninstall'] as $file) { foreach($plugin_info['uninstall'] as $file) {
$file = BASE . $file; if(strpos($file, '/') === 0) {
if(!deleteDirectory($file)) {
$success = false; $success = false;
self::$error = "You cannot use absolute paths (starting with slash - '/'): " . $file;
break;
}
$file = BASE . $file;
if(!is_sub_dir($file, BASE) || realpath(dirname($file)) != dirname($file)) {
$success = false;
self::$error = "You don't have rights to delete: " . $file;
break;
}
}
if($success) {
foreach($plugin_info['uninstall'] as $file) {
if(!deleteDirectory(BASE . $file)) {
self::$warnings[] = 'Cannot delete: ' . $$file;
}
} }
} }
if (isset($plugin_info['hooks'])) { if (isset($plugin_info['hooks'])) {
foreach ($plugin_info['hooks'] as $_name => $info) { foreach ($plugin_info['hooks'] as $_name => $info) {
if (defined('HOOK_'. $info['type'])) { if (defined('HOOK_'. $info['type'])) {
$hook = constant('HOOK_'. $info['type']); //$hook = constant('HOOK_'. $info['type']);
$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';'); $query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
if ($query->rowCount() == 1) { // found something if ($query->rowCount() == 1) { // found something
$query = $query->fetch(); $query = $query->fetch();
@ -263,9 +279,6 @@ class Plugins {
return true; return true;
} }
else {
self::$error = error_get_last();
}
} }
} }
} }
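Review bot: The warning appended in the new deletion loop uses `$$file` (a variable-variable keyed by the path string), so the message is built from an undefined variable and never shows which path failed; it should read `self::$warnings[] = 'Cannot delete: ' . $file;`. Separately, the new guard only canonicalises the parent (`realpath(dirname($file)) != dirname($file)`), so the final path component is never checked: an entry such as `foo/..` or a symlink as the last component still resolves above the validated parent, and whether `is_sub_dir()` catches that depends on its implementation, which is not visible here — if it is a prefix comparison, adding `|| in_array(basename($file), ['.', '..'], true) || is_link(rtrim($file, '/'))` to the condition would close the gap. The leading-slash test also does not reject Windows-style absolute paths (`C:\...`), which may or may not matter for this project. The enclosing `uninstall()` method and its `else` branch begin before this hunk.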


@ -22,7 +22,7 @@ if(isset($_REQUEST['uninstall'])){
success('Successfully uninstalled plugin ' . $uninstall); success('Successfully uninstalled plugin ' . $uninstall);
} }
else { else {
error('Error while uninstalling plugin ' . $plugin_name . ': ' . Plugins::getError()); error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
} }
} }
else if(isset($_FILES["plugin"]["name"])) else if(isset($_FILES["plugin"]["name"]))
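Review bot: The corrected error line now echoes `$uninstall`, which from the surrounding `isset($_REQUEST['uninstall'])` check appears to be request-controlled, and `Plugins::getError()` now also carries a plugin-supplied path; unless `error()` HTML-escapes its argument (not visible in this hunk), this is a reflected-XSS sink. If it does not, wrap the dynamic parts, e.g. `error('Error while uninstalling plugin ' . htmlspecialchars($uninstall, ENT_QUOTES) . ': ' . htmlspecialchars(Plugins::getError(), ENT_QUOTES));`. The `if(isset($_REQUEST['uninstall']))` block begins before this hunk.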