Commit 389d3a55 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Replaced rm_rf() by rm_tree().



Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 2c098d73
......@@ -216,7 +216,7 @@ if ($_COOKIE["AURSID"]):
if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
if (file_exists($incoming_pkgdir)) {
# Blow away the existing file/dir and contents
rm_rf($incoming_pkgdir);
rm_tree($incoming_pkgdir);
}
if (!@mkdir($incoming_pkgdir)) {
......
......@@ -348,10 +348,22 @@ function can_submit_pkg($name="", $sid="") {
# recursive delete directory
#
function rm_rf($dirname="") {
if ($dirname != "") {
exec('rm -rf ' . escapeshellcmd($dirname));
function rm_tree($dirname) {
if (empty($dirname) || !is_dir($dirname)) return;
foreach (scandir($dirname) as $item) {
if ($item != '.' && $item != '..') {
$path = $dirname . '/' . $item;
if (is_file($path) || is_link($path)) {
unlink($path);
}
else {
rm_tree($path);
}
}
}
rmdir($dirname);
return;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment