authorBrett Profitt <brett.profitt@gmail.com>2012-04-24 10:41:25 -0700
committerBrett Profitt <brett.profitt@gmail.com>2012-04-24 10:41:25 -0700
commitec474c8f70406149ec515a0e09020ecd1b5292ec (patch)
tree746924de52524bf6b11171559ec0b7619d269a00
parent12e1aa2e380c6ea13251d2e626228483c4ab8da5 (diff)
downloadelgg-ec474c8f70406149ec515a0e09020ecd1b5292ec.tar.gz
elgg-ec474c8f70406149ec515a0e09020ecd1b5292ec.tar.bz2
Fixes #4324. Not allowing relative paths for dataroot in advance settings.
-rw-r--r--actions/admin/site/update_advanced.php19
-rw-r--r--languages/en.php1
2 files changed, 19 insertions, 1 deletions
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
$site->url = get_input('wwwroot');
datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
if (get_input('simplecache_enabled')) {
elgg_enable_simplecache();
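Review bot: The Windows branch still accepts drive-relative values such as `C:data`, because `strpos($dataroot, ':') !== 1` only checks that a colon sits at offset 1, not that a path separator follows it. Such a value resolves against the current directory of that drive, which is the case this commit sets out to reject. Matching the whole prefix would close the gap, e.g. `if (!preg_match('#^[a-z]:[\\\\/]#i', $dataroot)) {`. UNC paths are rejected by both the current and the proposed test, which may or may not be intended. Separately, the check runs after `datalist_set('path', ...)` two lines above it, so if `forward()` ends the request (not visible in this hunk), a rejected dataroot still leaves the new `path` stored; validating before the first write would keep the update all-or-nothing.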
diff --git a/languages/en.php b/languages/en.php
index 14df3db34..e48f992d7 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -562,6 +562,7 @@ $english = array(
'admin:configuration:success' => "Your settings have been saved.",
'admin:configuration:fail' => "Your settings could not be saved.",
+ 'admin:configuration:dataroot:relative_path' => 'Cannot set "%s" as the dataroot because it is not an absolute path.',
'admin:unknown_section' => 'Invalid Admin Section.',