From 3c76594abb4a31636453cf3d2bbb82c72d136ef7 Mon Sep 17 00:00:00 2001 From: Andreas Grundler Date: Mon, 21 Oct 2013 16:35:32 +0200 Subject: [PATCH] Fixed CleanupData to prevent recursive delete of all data --- lib/classes/aps/class.ApsInstaller.php | 29 +++++++++++++++----------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/lib/classes/aps/class.ApsInstaller.php b/lib/classes/aps/class.ApsInstaller.php index 4529ab7e..2f882449 100644 --- a/lib/classes/aps/class.ApsInstaller.php +++ b/lib/classes/aps/class.ApsInstaller.php @@ -269,18 +269,23 @@ class ApsInstaller extends ApsParser $this->db->query('DELETE FROM `' . TABLE_APS_INSTANCES . '` WHERE `ID` = ' . $this->db->escape($Row['InstanceID'])); $this->db->query('DELETE FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID'])); - //remove data, #273 - if($this->DomainPath != '' && $this->DomainPath != '/') { - self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/'); - } else { - // save awstats/webalizer folder if it's the docroot - self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/', true); - // place standard-index file - $loginname = getLoginNameByUid($Row['CustomerID']); - if($loginname !== false) - { - storeDefaultIndex($loginname, $this->RealPath . $this->DomainPath . '/'); - } + if($this->DomainPath != '' && checkDisallowedPaths($this->DomainPath)) + { + $documentroot = getCustomerDetail($Row['CustomerID'],'documentroot'); + + //remove data, #273 + if($this->DomainPath != $documentroot) { + self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/'); + } else { + // save awstats/webalizer folder if it's the docroot + self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/', true); + // place standard-index file + $loginname = getLoginNameByUid($Row['CustomerID']); + if($loginname !== false) + { + storeDefaultIndex($loginname, $this->RealPath . $this->DomainPath . '/'); + } + } } } }