aboutsummaryrefslogtreecommitdiff
path: root/actions/systemsettings
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-20 11:29:08 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-20 11:29:08 +0000
commita679750e03de9abaed8a323533b896d8a1f10d2b (patch)
tree34476c7ce2430de3a1c5ca3c5e84b25ad70db8cd /actions/systemsettings
parent5dfdf35745318385c0ddcb4018eb65f17da24f47 (diff)
downloadelgg-a679750e03de9abaed8a323533b896d8a1f10d2b.tar.gz
elgg-a679750e03de9abaed8a323533b896d8a1f10d2b.tar.bz2
Refs #273: Extra sanity checking on install
git-svn-id: https://code.elgg.org/elgg/trunk@2025 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'actions/systemsettings')
-rw-r--r--actions/systemsettings/install.php23
1 files changed, 21 insertions, 2 deletions
diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php
index fa7d3a511..25e757b82 100644
--- a/actions/systemsettings/install.php
+++ b/actions/systemsettings/install.php
@@ -13,11 +13,30 @@
* @link http://elgg.org/
*/
+ elgg_set_viewtype('failsafe'); // Set failsafe again incase we get an exception thrown
+
if (is_installed()) forward();
if (get_input('settings') == 'go') {
if (!datalist_get('default_site')) {
+
+ // Sanitise
+ $path = sanitise_filepath(get_input('path'));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // Blank?
+ if ($dataroot == "/")
+ throw new InstallationException(elgg_echo('InstallationException:DatarootBlank'));
+
+ // That it's valid
+ if (strpos($dataroot, $path)!==false)
+ throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootUnderPath'), $dataroot));
+
+ // Check data root is writable
+ if (!is_writable($dataroot))
+ throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootNotWritable'), $dataroot));
+
$site = new ElggSite();
$site->name = get_input('sitename');
@@ -31,8 +50,8 @@
datalist_set('installed',time());
- datalist_set('path',get_input('path'));
- datalist_set('dataroot',get_input('dataroot'));
+ datalist_set('path', $path);
+ datalist_set('dataroot', $dataroot);
datalist_set('default_site',$site->getGUID());