authorAndrey Andreev <narf@bofh.bg>2012-04-03 15:21:48 +0200
committerAndrey Andreev <narf@bofh.bg>2012-04-03 15:21:48 +0200
commitfd6c2bc7ed0ce474ac08fefb3efe88288368da98 (patch)
treea9f79a0ebda991c138cbe2cc2f4e2b52c35b46e2
parent1b815532378bd444347d1bc741771e13108147b6 (diff)
Fix issue #1238
-rw-r--r--system/database/DB_cache.php2
-rw-r--r--system/helpers/file_helper.php8
-rw-r--r--user_guide_src/source/changelog.rst2
3 files changed, 8 insertions, 4 deletions
diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php
index 58e6968c0..ff942856b 100644
--- a/system/database/DB_cache.php
+++ b/system/database/DB_cache.php
@@ -177,7 +177,7 @@ class CI_DB_Cache {
*/
public function delete_all()
{
- delete_files($this->db->cachedir, TRUE);
+ delete_files($this->db->cachedir, TRUE, 0, TRUE);
}
}
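Review bot: The call `delete_files($this->db->cachedir, TRUE, 0, TRUE)` has to pass a literal `0` for `$level` just to reach the new fourth argument, so the reason for the change is not readable at the call site. A short comment would help, for example `// keep .htaccess and index.* guard files so the cache directory stays closed to direct web access`. The protection also depends entirely on the filename check inside `delete_files()`. With `$del_dir` set to `TRUE`, sub-directories that still contain a preserved index file are presumably left in place, which is worth confirming against the directory-removal code that this page does not show.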
diff --git a/system/helpers/file_helper.php b/system/helpers/file_helper.php
index 6e8a4ded1..3a373efd3 100644
--- a/system/helpers/file_helper.php
+++ b/system/helpers/file_helper.php
@@ -121,11 +121,13 @@ if ( ! function_exists('write_file'))
*
* @param string path to file
* @param bool whether to delete any directories found in the path
+ * @param int
+ * @param bool whether to skip deleting .htaccess and index page files
* @return bool
*/
if ( ! function_exists('delete_files'))
{
- function delete_files($path, $del_dir = FALSE, $level = 0)
+ function delete_files($path, $del_dir = FALSE, $level = 0, $htdocs = FALSE)
{
// Trim the trailing slash
$path = rtrim($path, DIRECTORY_SEPARATOR);
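Review bot: The added docblock line `@param int` has no description, and the name `$htdocs` does not say what the flag does. Judging by the recursive call elsewhere in this commit, `$level` is the current recursion depth and is not meant for callers, so I would write `@param int current directory depth (used internally by the recursion; leave at 0)`. The `$htdocs` line should state that `TRUE` preserves `.htaccess` and `index.html`/`index.htm`/`index.php`, and that the default `FALSE` deletes every file. The function body continues outside this hunk.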
@@ -141,9 +143,9 @@ if ( ! function_exists('delete_files'))
{
if (is_dir($path.DIRECTORY_SEPARATOR.$filename) && $filename[0] !== '.')
{
- delete_files($path.DIRECTORY_SEPARATOR.$filename, $del_dir, $level + 1);
+ delete_files($path.DIRECTORY_SEPARATOR.$filename, $del_dir, $level + 1, $htdocs);
}
- else
+ elseif ($htdocs === TRUE && ! preg_match('/^(\.htaccess|index\.(html|htm|php))$/', $filename))
{
@unlink($path.DIRECTORY_SEPARATOR.$filename);
}
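Review bot: The new `elseif` condition is inverted for the default case: with `$htdocs = FALSE`, `$htdocs === TRUE && ...` is always false, so `@unlink()` is never reached and existing callers of `delete_files($path)` silently stop deleting files. The branch should delete unless the flag is set and the name is a protected file: `elseif ($htdocs !== TRUE || ! preg_match('/^(\.htaccess|index\.(html|htm|php))$/i', $filename))`. The `i` modifier is an addition, because on a case-insensitive filesystem a guard file named `Index.html` would otherwise not match and would still be removed. The loop and the rest of `delete_files()` start and end outside this hunk, so the return value and the directory removal were not checked here.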
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 0a690a5eb..9f0d55ad5 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -50,6 +50,7 @@ Release Date: Not Released
- form_dropdown() will now also take an array for unity with other form helpers.
- set_realpath() can now also handle file paths as opposed to just directories.
- do_hash() now uses PHP's native hash() function, supporting more algorithms.
+ - Added an optional paramater to ``delete_files()`` to enable it to skip deleting files such as .htaccess and index.html.
- Database
@@ -186,6 +187,7 @@ Bug fixes for 3.0
- Fixed a bug in the library loader where some PHP versions wouldn't execute the class constructor.
- Fixed a bug (#88) - An unexisting property was used for configuration of the Memcache cache driver.
- Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set.
+- Fixed a bug (#1238) - delete_all() in the `Database Caching Library <database/caching>` used to delete .htaccess and index.html files, which is a potential security risk.
Version 2.1.1
=============