diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-01-25 10:45:52 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-01-25 10:45:52 +0100 |
commit | 389d3a552e36e52b97281f0c083631c15cf8690e (patch) | |
tree | 5fe58834974615b98369c4a55caaac5d436c1106 | |
parent | 2c098d73a233d329bacd4af5946ad97f6496a438 (diff) | |
download | aurweb-389d3a552e36e52b97281f0c083631c15cf8690e.tar.xz |
Replaced rm_rf() by rm_tree().
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/html/pkgsubmit.php | 2 | ||||
-rw-r--r-- | web/lib/aur.inc | 18 |
2 files changed, 16 insertions, 4 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index cdcc510..c39e2f9 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -216,7 +216,7 @@ if ($_COOKIE["AURSID"]): if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) { if (file_exists($incoming_pkgdir)) { # Blow away the existing file/dir and contents - rm_rf($incoming_pkgdir); + rm_tree($incoming_pkgdir); } if (!@mkdir($incoming_pkgdir)) { diff --git a/web/lib/aur.inc b/web/lib/aur.inc index a6292ca..835b8a8 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -348,11 +348,23 @@ function can_submit_pkg($name="", $sid="") { # recursive delete directory # -function rm_rf($dirname="") { - if ($dirname != "") { - exec('rm -rf ' . escapeshellcmd($dirname)); +function rm_tree($dirname) { + if (empty($dirname) || !is_dir($dirname)) return; + + foreach (scandir($dirname) as $item) { + if ($item != '.' && $item != '..') { + $path = $dirname . '/' . $item; + if (is_file($path) || is_link($path)) { + unlink($path); + } + else { + rm_tree($path); + } + } } + rmdir($dirname); + return; } |