summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-01-25 10:45:52 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2011-01-25 10:45:52 +0100
commit389d3a552e36e52b97281f0c083631c15cf8690e (patch)
tree5fe58834974615b98369c4a55caaac5d436c1106
parent2c098d73a233d329bacd4af5946ad97f6496a438 (diff)
downloadaurweb-389d3a552e36e52b97281f0c083631c15cf8690e.tar.xz
Replaced rm_rf() by rm_tree().
Implemented recursive directory deletion in PHP properly without the use of exec(). This improves security, performance and portability and makes the code compatible with PHP's Safe Mode as well as with PHP setups that disable exec() using the "disable_functions" directive. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/html/pkgsubmit.php2
-rw-r--r--web/lib/aur.inc18
2 files changed, 16 insertions, 4 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index cdcc510..c39e2f9 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -216,7 +216,7 @@ if ($_COOKIE["AURSID"]):
if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
if (file_exists($incoming_pkgdir)) {
# Blow away the existing file/dir and contents
- rm_rf($incoming_pkgdir);
+ rm_tree($incoming_pkgdir);
}
if (!@mkdir($incoming_pkgdir)) {
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index a6292ca..835b8a8 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -348,11 +348,23 @@ function can_submit_pkg($name="", $sid="") {
# recursive delete directory
#
-function rm_rf($dirname="") {
- if ($dirname != "") {
- exec('rm -rf ' . escapeshellcmd($dirname));
+function rm_tree($dirname) {
+ if (empty($dirname) || !is_dir($dirname)) return;
+
+ foreach (scandir($dirname) as $item) {
+ if ($item != '.' && $item != '..') {
+ $path = $dirname . '/' . $item;
+ if (is_file($path) || is_link($path)) {
+ unlink($path);
+ }
+ else {
+ rm_tree($path);
+ }
+ }
}
+ rmdir($dirname);
+
return;
}