author | Brett Profitt <brett.profitt@gmail.com> | 2012-04-24 10:41:25 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2012-04-24 10:41:25 -0700 |
commit | ec474c8f70406149ec515a0e09020ecd1b5292ec (patch) | |
tree | 746924de52524bf6b11171559ec0b7619d269a00 /actions/admin | |
parent | 12e1aa2e380c6ea13251d2e626228483c4ab8da5 (diff) | |
download | elgg-ec474c8f70406149ec515a0e09020ecd1b5292ec.tar.gz elgg-ec474c8f70406149ec515a0e09020ecd1b5292ec.tar.bz2 |
Fixes #4324. Not allowing relative paths for dataroot in advanced settings.
Diffstat (limited to 'actions/admin')
-rw-r--r-- | actions/admin/site/update_advanced.php | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
 $site->url = get_input('wwwroot');
 datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
 if (get_input('simplecache_enabled')) {
 elgg_enable_simplecache(); |
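Review bot: The dataroot check runs after `datalist_set('path', ...)` in the context line above it, so a request rejected for a relative dataroot has already persisted the new `path` value; assuming `forward(REFERER)` ends the request, the settings form is left half-applied. Compute and validate `$dataroot` before the first `datalist_set()` call so that nothing is written unless every value passes. The Windows branch only requires a colon at offset 1, which also accepts a drive-relative value such as `C:data`; if `sanitise_filepath()` normalises separators to `/` (not visible here), `if (!preg_match('#^[a-z]:/#i', $dataroot)) {` would be stricter. The two branches also repeat the same three error-handling lines and could share one copy after the platform test. The enclosing `if ($site = elgg_get_site_entity())` block starts and ends outside the hunk.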