From a679750e03de9abaed8a323533b896d8a1f10d2b Mon Sep 17 00:00:00 2001
From: marcus
Date: Wed, 20 Aug 2008 11:29:08 +0000
Subject: Refs #273: Extra sanity checking on install

git-svn-id: https://code.elgg.org/elgg/trunk@2025 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 actions/admin/site/update_basic.php | 4 ++--
 actions/systemsettings/install.php | 23 +++++++++++++++++++++--
 engine/lib/input.php | 19 +++++++++++++++++++
 languages/en.php | 7 ++++++-
 4 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 12d74a535..37c9b9073 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -31,8 +31,8 @@
 $site->name = get_input('sitename');
 $site->url = get_input('wwwroot');
- datalist_set('path',get_input('path'));
- datalist_set('dataroot',get_input('dataroot'));
+ datalist_set('path',sanitise_filepath(get_input('path')));
+ datalist_set('dataroot',sanitise_filepath(get_input('dataroot')));
 set_config('language', get_input('language'), $site->getGUID());
diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php
index fa7d3a511..25e757b82 100644
--- a/actions/systemsettings/install.php
+++ b/actions/systemsettings/install.php
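Review bot: The two datalist_set() lines in update_basic.php store the sanitised path and dataroot without any of the checks the install action gains in this same commit — no blank test, no under-install-path test, no is_writable() test. Since sanitise_filepath() turns an empty or whitespace-only submission into "/", an admin form posted with an empty dataroot field would persist "/" as the data root here, which install.php explicitly rejects with InstallationException:DatarootBlank. Applying the same three checks before the datalist_set() calls, starting with `if ($dataroot == "/") throw new InstallationException(elgg_echo('InstallationException:DatarootBlank'));`, would keep the two actions consistent; whether an admin-side rejection should use a different exception type is a judgement for the maintainers. The hunk is an excerpt of an action script whose beginning and end lie outside it.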
@@ -13,11 +13,30 @@
 * @link http://elgg.org/
 */
+ elgg_set_viewtype('failsafe'); // Set failsafe again incase we get an exception thrown
+
 if (is_installed()) forward();
 if (get_input('settings') == 'go') {
 if (!datalist_get('default_site')) {
+
+ // Sanitise
+ $path = sanitise_filepath(get_input('path'));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // Blank?
+ if ($dataroot == "/")
+ throw new InstallationException(elgg_echo('InstallationException:DatarootBlank'));
+
+ // That it's valid
+ if (strpos($dataroot, $path)!==false)
+ throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootUnderPath'), $dataroot));
+
+ // Check data root is writable
+ if (!is_writable($dataroot))
+ throw new InstallationException(sprintf(elgg_echo('InstallationException:DatarootNotWritable'), $dataroot));
+
 $site = new ElggSite();
 $site->name = get_input('sitename');
@@ -31,8 +50,8 @@
 datalist_set('installed',time());
- datalist_set('path',get_input('path'));
- datalist_set('dataroot',get_input('dataroot'));
+ datalist_set('path', $path);
+ datalist_set('dataroot', $dataroot);
 datalist_set('default_site',$site->getGUID());
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 187242f8e..4b36393d8 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -63,6 +63,25 @@
 $CONFIG->input = array();
 $CONFIG->input[trim($variable)] = trim($value);
+ }
+
+ /**
+ * Sanitise file paths for input, ensuring that they begin and end with slashes etc.
+ *
+ * @param string $path The path
+ * @return string
+ */
+ function sanitise_filepath($path)
+ {
+ // Convert to correct UNIX paths
+ $path = str_replace('\\', '/', $path);
+
+ // Sort trailing slash
+ $path = trim($path);
+ $path = rtrim($path, " /");
+ $path = $path . "/";
+
+ return $path;
 }
 /**
diff --git a/languages/en.php b/languages/en.php
index 1bc4f6386..6e72793c0 100644
--- a/languages/en.php
+++ b/languages/en.php
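Review bot: The under-path check `if (strpos($dataroot, $path)!==false)` in the first install.php hunk tests whether $path occurs anywhere inside $dataroot, not whether $dataroot starts with $path, so a data directory like /home/u/var/www/elgg/data/ would be rejected for an install path of /var/www/elgg/ while the rule actually intended is a prefix test, `if (strpos($dataroot, $path) === 0)`. Because sanitise_filepath() maps an empty $path to "/", a blank install path makes every dataroot match and the user sees the misleading DatarootUnderPath message rather than a blank-path error; a `$path == "/"` check mirroring the one on $dataroot would report the right cause. Both comparisons operate on the strings as submitted, so symlinked or differently spelled forms of the same directory are not detected — worth a comment if that is accepted for the installer. The if blocks enclosing these checks continue past the end of the hunk.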
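Review bot: The docblock on sanitise_filepath() in the input.php hunk says paths are made to "begin and end with slashes", but the body only converts backslashes, trims, and appends a trailing slash; nothing adds a leading slash, so an input such as C:\elgg\data becomes C:/elgg/data/ and a relative path stays relative. The function also maps an empty or whitespace-only input to "/" (install.php relies on that value to detect a blank field) and does not collapse ".." segments or duplicate separators, so callers still need their own validation before using the result. Suggested replacement for the summary line: `Sanitise a file path from user input: converts backslashes to forward slashes, strips surrounding whitespace and trailing slashes, then appends exactly one trailing slash; an empty input yields "/" and no canonicalisation is performed, so callers must validate the result.` The function closed by the added `}` at the top of the hunk starts outside it.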
@@ -148,7 +148,12 @@
 'ConfigurationException:BadDatabaseVersion' => "The database backend you have installed doesn't meet the basic requirements to run Elgg. Please consult your documentation.",
 'ConfigurationException:BadPHPVersion' => "You need at least PHP version 5.2 to run Elgg.",
-
+
+
+ 'InstallationException:DatarootNotWritable' => "Your data directory %s is not writable.",
+ 'InstallationException:DatarootUnderPath' => "Your data directory %s must be outside of your install path.",
+ 'InstallationException:DatarootBlank' => "You have not specified a data directory.",
+
 /**
 * User details
 */
-- cgit v1.2.3