Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 17:48:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX Deletion of files in migration

Browse Source
This commit is contained in:
Laurent Destailleur
2018-07-27 12:33:36 +02:00
parent 927727edf3
commit 83ae27d122
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/core/lib/files.lib.php
View File

@@ -1118,10 +1118,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
* @param int $nophperrors Disable all PHP output errors * @param int $nophperrors Disable all PHP output errors
* @param int $nohook Disable all hooks * @param int $nohook Disable all hooks
* @param object $object Current object in use * @param object $object Current object in use
* @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose.
* @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error
* @see dol_delete_dir * @see dol_delete_dir
*/ */
function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=null) function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=null,$allowdotdot=false)
{ {
global $db, $conf, $user, $langs; global $db, $conf, $user, $langs;
global $hookmanager; global $hookmanager;
@@ -1133,7 +1134,7 @@ function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=n
// Security: // Security:
// We refuse transversal using .. and pipes into filenames. // We refuse transversal using .. and pipes into filenames.
if (preg_match('/\.\./',$file) || preg_match('/[<>|]/',$file)) if ((! $allowdotdot && preg_match('/\.\./',$file)) || preg_match('/[<>|]/',$file))
{ {
dol_syslog("Refused to delete file ".$file, LOG_WARNING); dol_syslog("Refused to delete file ".$file, LOG_WARNING);
return false; return false;

2
htdocs/install/upgrade2.php
View File

@@ -4442,7 +4442,7 @@ function migrate_delete_old_files($db,$langs,$conf)
$result=1; $result=1;
if (file_exists($filetodelete)) if (file_exists($filetodelete))
{ {
$result=dol_delete_file($filetodelete); $result=dol_delete_file($filetodelete,0,0,0,null,true);
if (! $result) if (! $result)
{ {
$langs->load("errors"); $langs->load("errors");