leo/kabano
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Guard admin deletes against missing files

Browse Source 
Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-24 13:19:20 +00:00
parent 0ef2679808
commit c84ee486f3
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
controllers/d.admin.php
View File

@@ -68,7 +68,9 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
$filename = $files_folder_root . DIRECTORY_SEPARATOR . $safe_name; $filename = $files_folder_root . DIRECTORY_SEPARATOR . $safe_name;
$real_filename = realpath($filename); $real_filename = realpath($filename);
if ($real_filename && str_starts_with($real_filename, $files_folder_root . DIRECTORY_SEPARATOR)) { if ($real_filename && str_starts_with($real_filename, $files_folder_root . DIRECTORY_SEPARATOR)) {
if (file_exists($real_filename)) {
unlink($real_filename); unlink($real_filename);
}
error_log(date('r')." \t".$user->name." (".$user->id.") \tDELETE \tDelete wiki file '".$safe_name."'\r\n",3,$config['logs_folder'].'wiki-files.log'); error_log(date('r')." \t".$user->name." (".$user->id.") \tDELETE \tDelete wiki file '".$safe_name."'\r\n",3,$config['logs_folder'].'wiki-files.log');
} }
} }
@@ -180,9 +182,11 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
$delete_path = $tmp_folder_root . DIRECTORY_SEPARATOR . $safe_name; $delete_path = $tmp_folder_root . DIRECTORY_SEPARATOR . $safe_name;
$real_delete_path = realpath($delete_path); $real_delete_path = realpath($delete_path);
if ($real_delete_path && str_starts_with($real_delete_path, $tmp_folder_root . DIRECTORY_SEPARATOR)) { if ($real_delete_path && str_starts_with($real_delete_path, $tmp_folder_root . DIRECTORY_SEPARATOR)) {
if (file_exists($real_delete_path)) {
unlink($real_delete_path); unlink($real_delete_path);
} }
} }
}
$output = Array(); $output = Array();
$backup_file = Array(); $backup_file = Array();
} }
@@ -222,10 +226,12 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
$delete_path = $tmp_folder_root . DIRECTORY_SEPARATOR . $safe_name; $delete_path = $tmp_folder_root . DIRECTORY_SEPARATOR . $safe_name;
$real_delete_path = realpath($delete_path); $real_delete_path = realpath($delete_path);
if ($real_delete_path && str_starts_with($real_delete_path, $tmp_folder_root . DIRECTORY_SEPARATOR)) { if ($real_delete_path && str_starts_with($real_delete_path, $tmp_folder_root . DIRECTORY_SEPARATOR)) {
if (file_exists($real_delete_path)) {
unlink($real_delete_path); unlink($real_delete_path);
} }
} }
} }
}
else { else {
// Nom du fichier de sauvegarde // Nom du fichier de sauvegarde
$timestamp = date('Ymd_His'); $timestamp = date('Ymd_His');