authorBrett Profitt <brett.profitt@gmail.com>2012-04-24 10:41:25 -0700
committerBrett Profitt <brett.profitt@gmail.com>2012-04-24 10:41:25 -0700
commitec474c8f70406149ec515a0e09020ecd1b5292ec (patch)
tree746924de52524bf6b11171559ec0b7619d269a00 /actions/admin
parent12e1aa2e380c6ea13251d2e626228483c4ab8da5 (diff)
Fixes #4324. Disallow relative paths for dataroot in advanced settings.
Diffstat (limited to 'actions/admin')
-rw-r--r--actions/admin/site/update_advanced.php19
1 files changed, 18 insertions, 1 deletions
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
$site->url = get_input('wwwroot');
datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
if (get_input('simplecache_enabled')) {
elgg_enable_simplecache();
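Review bot: The Windows branch only tests that a colon sits at offset 1, so a drive-relative value such as `C:data/` (no separator after the colon) still passes as absolute and would resolve against the process's current directory on that drive; tighten it to `if (!preg_match('#^[a-z]:[\\\\/]#i', $dataroot)) {`. The check also runs after `datalist_set('path', ...)` at the top of the hunk, so a rejected dataroot leaves `path` already written, and it relies on `forward(REFERER)` ending the request (not visible here) to keep the final `datalist_set('dataroot', $dataroot)` from running; validating before the first `datalist_set` call would keep the update all-or-nothing. The two error branches are identical and could share one `register_error`/`forward` block behind a single `$is_absolute` test. The enclosing `if ($site = elgg_get_site_entity())` block starts before the hunk and continues past it.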