-rw-r--r--actions/admin/site/update_basic.php4
-rw-r--r--actions/systemsettings/install.php23
-rw-r--r--engine/lib/input.php19
-rw-r--r--languages/en.php7
4 files changed, 48 insertions, 5 deletions
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 12d74a535..37c9b9073 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -31,8 +31,8 @@
$site->name = get_input('sitename');
$site->url = get_input('wwwroot');
- datalist_set('path',get_input('path'));
- datalist_set('dataroot',get_input('dataroot'));
+ datalist_set('path',sanitise_filepath(get_input('path')));
+ datalist_set('dataroot',sanitise_filepath(get_input('dataroot')));
set_config('language', get_input('language'), $site->getGUID());
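Review bot: The two sanitise_filepath calls only normalise slashes; nothing in this action validates the values, so an admin can persist a blank dataroot (an empty field sanitises to "/"), one inside the install path, or one that is not writable, all of which the install action in this same commit rejects. The same three guards (blank, under path, writable) belong here before the datalist_set calls, otherwise a bad value is stored and only surfaces on a later request. Since this is an admin form the result is a self-inflicted outage rather than an injection, but the asymmetry between the two actions is still worth closing. The enclosing action script starts and ends outside the hunk.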
diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php
index fa7d3a511..25e757b82 100644
--- a/actions/systemsettings/install.php
+++ b/actions/systemsettings/install.php
@@ -13,11 +13,30 @@
* @link http://elgg.org/
*/
+ elgg_set_viewtype('failsafe'); // Set failsafe again incase we get an exception thrown
+
if (is_installed()) forward();
if (get_input('settings') == 'go') {
if (!datalist_get('default_site')) {
+
+ // Sanitise
+ $path = sanitise_filepath(get_input('path'));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // Blank?
+ if ($dataroot == "/")
+ throw new InstallationException(elgg_echo('InstallationException:DatarootBlank'));
+
+ // That it's valid
+ if (strpos($dataroot, $path)!==false)
+ throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootUnderPath'), $dataroot));
+
+ // Check data root is writable
+ if (!is_writable($dataroot))
+ throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootNotWritable'), $dataroot));
+
$site = new ElggSite();
$site->name = get_input('sitename');
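Review bot: The containment test on the `strpos($dataroot, $path)!==false` line is a substring match rather than a prefix match, and because sanitise_filepath turns an empty path into "/" it is true for every dataroot, so a blank path field produces the misleading DatarootUnderPath error. Guard the path on its own (`if ($path === "/") throw new InstallationException(...)` with a path-specific message, which needs its own language key) and make the containment check a prefix test: `if (strpos($dataroot, $path) === 0)`. Neither value is canonicalised before comparing, so a dataroot written with `..` segments or reached through a symlink can resolve inside the install path and still pass; for directories that exist, comparing `realpath()` results (re-adding the trailing slash) would close that gap. `is_writable` also succeeds on a writable regular file, so `is_dir($dataroot) && is_writable($dataroot)` is the stricter guard. The enclosing if-block continues past the hunk.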
@@ -31,8 +50,8 @@
datalist_set('installed',time());
- datalist_set('path',get_input('path'));
- datalist_set('dataroot',get_input('dataroot'));
+ datalist_set('path', $path);
+ datalist_set('dataroot', $dataroot);
datalist_set('default_site',$site->getGUID());
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 187242f8e..4b36393d8 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -63,6 +63,25 @@
$CONFIG->input = array();
$CONFIG->input[trim($variable)] = trim($value);
+ }
+
+ /**
+ * Sanitise file paths for input, ensuring that they begin and end with slashes etc.
+ *
+ * @param string $path The path
+ * @return string
+ */
+ function sanitise_filepath($path)
+ {
+ // Convert to correct UNIX paths
+ $path = str_replace('\\', '/', $path);
+
+ // Sort trailing slash
+ $path = trim($path);
+ $path = rtrim($path, " /");
+ $path = $path . "/";
+
+ return $path;
}
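Review bot: The docblock on sanitise_filepath promises paths that "begin and end with slashes", but the body only guarantees the trailing slash: a relative input such as `data` comes back as `data/`, and nothing collapses `..` segments or repeated separators. Either narrow the docblock to what the code does — `Normalise a file path for storage: converts backslashes to forward slashes, trims whitespace, and guarantees exactly one trailing slash. Does not resolve relative paths, ".." segments or symlinks; callers needing a canonical path should realpath() the result.` — or add the leading-slash guarantee, which would have to special-case Windows drive letters. The caveat matters because install.php in this commit feeds the return value into a containment check. The declaration is untyped; a `string $path` parameter and `: string` return would fit if the codebase targets PHP 7+, though the language file mentions a PHP 5.2 floor, so that may not apply. The closing brace at the top of the hunk belongs to a function that starts outside it.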
/**
diff --git a/languages/en.php b/languages/en.php
index 1bc4f6386..6e72793c0 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -148,7 +148,12 @@
'ConfigurationException:BadDatabaseVersion' => "The database backend you have installed doesn't meet the basic requirements to run Elgg. Please consult your documentation.",
'ConfigurationException:BadPHPVersion' => "You need at least PHP version 5.2 to run Elgg.",
-
+
+
+ 'InstallationException:DatarootNotWritable' => "Your data directory %s is not writable.",
+ 'InstallationException:DatarootUnderPath' => "Your data directory %s must be outside of your install path.",
+ 'InstallationException:DatarootBlank' => "You have not specified a data directory.",
+
/**
* User details
*/