Replaced rm_rf() by rm_tree().

Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2 files changed, 16 insertions, 4 deletions

diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index cdcc5103..c39e2f9e 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -216,7 +216,7 @@ if ($_COOKIE["AURSID"]):
 			if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
 				if (file_exists($incoming_pkgdir)) {
 					# Blow away the existing file/dir and contents
-					rm_rf($incoming_pkgdir);
+					rm_tree($incoming_pkgdir);
 				}
 
 				if (!@mkdir($incoming_pkgdir)) {
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index a6292caa..835b8a85 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -348,11 +348,23 @@ function can_submit_pkg($name="", $sid="") {
 
 # recursive delete directory
 #
-function rm_rf($dirname="") {
-	if ($dirname != "") {
-		exec('rm -rf ' . escapeshellcmd($dirname));
+function rm_tree($dirname) {
+	if (empty($dirname) || !is_dir($dirname)) return;
+
+	foreach (scandir($dirname) as $item) {
+		if ($item != '.' && $item != '..') {
+			$path = $dirname . '/' . $item;
+			if (is_file($path) || is_link($path)) {
+				unlink($path);
+			}
+			else {
+				rm_tree($path);
+			}
+		}
 	}
 
+	rmdir($dirname);
+
 	return;
 }