From ec474c8f70406149ec515a0e09020ecd1b5292ec Mon Sep 17 00:00:00 2001
From: Brett Profitt
Date: Tue, 24 Apr 2012 10:41:25 -0700
Subject: Fixes #4324. Not allowing relative paths for dataroot in advance settings.
---
 actions/admin/site/update_advanced.php | 19 ++++++++++++++++++-
 languages/en.php | 1 +
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
 $site->url = get_input('wwwroot');
 datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
 if (get_input('simplecache_enabled')) {
 elgg_enable_simplecache();
diff --git a/languages/en.php b/languages/en.php
index 14df3db34..e48f992d7 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -562,6 +562,7 @@ $english = array(
 'admin:configuration:success' => "Your settings have been saved.",
 'admin:configuration:fail' => "Your settings could not be saved.",
+ 'admin:configuration:dataroot:relative_path' => 'Cannot set "%s" as the dataroot because it is not an absolute path.',
 'admin:unknown_section' => 'Invalid Admin Section.',
--
cgit v1.2.3
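Review bot: In the `update_advanced.php` hunk the Windows branch accepts any value with `:` at offset 1, so a drive-relative value (for example `C:data/`, which resolves against the current directory of that drive) still passes as absolute. Requiring a separator after the drive letter, `if (!preg_match('#^[a-zA-Z]:[/\\\\]#', $dataroot)) {`, closes that gap. Both branches test only the prefix, so a value containing `..` segments, or one that resolves inside the install `path` set just above, is stored unchanged; a `realpath()`/`is_dir()` check before `datalist_set('dataroot', $dataroot)` would catch those. The error path is duplicated in both arms and relies on `forward(REFERER)` ending the request, which is presumably the case but is not visible here; the enclosing `if ($site = ...)` block starts and ends outside the hunk.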