This repository has been archived by the owner on Jun 13, 2020. It is now read-only.

Add file_unlink on page delete and prevent index overwrite
ctrlcctrlv committed Mar 29, 2015
1 parent fe6683e commit 076b64a
Showing 1 changed file with 14 additions and 7 deletions.
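--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -3353,14 +3353,18 @@ function delete_page_base($page = '', $board = false) {
 if ($board !== FALSE && !openBoard($board))
 error($config['error']['noboard']);
 
-if ($board) {
-$query = prepare('DELETE FROM ``pages`` WHERE `board` = :board AND `name` = :name');
-$query->bindValue(':board', ($board ? $board : NULL));
-} else {
-$query = prepare('DELETE FROM ``pages`` WHERE `board` IS NULL AND `name` = :name');
+if (preg_match('/^[a-z0-9]{1,255}$/', $page) && !preg_match('/^(index|catalog|index\+50)|(\d+)$/', $page)) {
+if ($board) {
+$query = prepare('DELETE FROM ``pages`` WHERE `board` = :board AND `name` = :name');
+$query->bindValue(':board', ($board ? $board : NULL));
+} else {
+$query = prepare('DELETE FROM ``pages`` WHERE `board` IS NULL AND `name` = :name');
+}
+$query->bindValue(':name', $page);
+$query->execute() or error(db_error($query));
+
+@file_unlink(($board ? ($board . '/') : '') . $page . '.html');
 }
-$query->bindValue(':name', $page);
-$query->execute() or error(db_error($query));
 
 header('Location: ?/edit_pages' . ($board ? ('/' . $board) : ''), true, $config['redirect_http']);
 }
@@ -3475,6 +3479,9 @@ function mod_pages($board = false) {
 if (!preg_match('/^[a-z0-9]{1,255}$/', $_POST['page']))
 error(_('Page names must be < 255 chars and may only contain lowercase letters A-Z and digits 1-9.'));
 
+if (preg_match('/^(index|catalog|index\+50)|(\d+)$/', $_POST['page']))
+error(_('Nope.'));
+
 foreach ($pages as $i => $p) {
 if ($_POST['page'] === $p['name'])
 error(_('Refusing to create a new page with the same name as an existing one.'));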
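Review bot: The reserved-name pattern `/^(index|catalog|index\+50)|(\d+)$/`, used in both the new guard in delete_page_base and the new check in mod_pages, does not group its alternation, so `^` binds only to the first group and `$` only to `(\d+)`: it rejects any name that starts with `index` or `catalog` or ends in a digit, not only the reserved names. That errs toward over-blocking, but a page such as `page2` is refused with 'Nope.' on create and, in delete_page_base, is skipped with no error before the redirect. I would write it as `/^(?:index|catalog|index\+50|\d+)$/D` in both places, ideally through one shared helper so the two checks cannot drift apart. The `D` modifier is also worth adding to `/^[a-z0-9]{1,255}$/`, since a bare `$` matches before a trailing newline and that value is concatenated into the `file_unlink` path. mod_pages continues outside the hunk.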
