diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-04-03 15:21:48 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-04-03 15:21:48 +0200 |
commit | fd6c2bc7ed0ce474ac08fefb3efe88288368da98 (patch) | |
tree | a9f79a0ebda991c138cbe2cc2f4e2b52c35b46e2 | |
parent | 1b815532378bd444347d1bc741771e13108147b6 (diff) |
Fix issue #1238
-rw-r--r-- | system/database/DB_cache.php | 2 | ||||
-rw-r--r-- | system/helpers/file_helper.php | 8 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 2 |
3 files changed, 8 insertions, 4 deletions
diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php index 58e6968c0..ff942856b 100644 --- a/system/database/DB_cache.php +++ b/system/database/DB_cache.php @@ -177,7 +177,7 @@ class CI_DB_Cache { */ public function delete_all() { - delete_files($this->db->cachedir, TRUE); + delete_files($this->db->cachedir, TRUE, 0, TRUE); } } diff --git a/system/helpers/file_helper.php b/system/helpers/file_helper.php index 6e8a4ded1..3a373efd3 100644 --- a/system/helpers/file_helper.php +++ b/system/helpers/file_helper.php @@ -121,11 +121,13 @@ if ( ! function_exists('write_file')) * * @param string path to file * @param bool whether to delete any directories found in the path + * @param int + * @param bool whether to skip deleting .htaccess and index page files * @return bool */ if ( ! function_exists('delete_files')) { - function delete_files($path, $del_dir = FALSE, $level = 0) + function delete_files($path, $del_dir = FALSE, $level = 0, $htdocs = FALSE) { // Trim the trailing slash $path = rtrim($path, DIRECTORY_SEPARATOR); @@ -141,9 +143,9 @@ if ( ! function_exists('delete_files')) { if (is_dir($path.DIRECTORY_SEPARATOR.$filename) && $filename[0] !== '.') { - delete_files($path.DIRECTORY_SEPARATOR.$filename, $del_dir, $level + 1); + delete_files($path.DIRECTORY_SEPARATOR.$filename, $del_dir, $level + 1, $htdocs); } - else + elseif ($htdocs === TRUE && ! preg_match('/^(\.htaccess|index\.(html|htm|php))$/', $filename)) { @unlink($path.DIRECTORY_SEPARATOR.$filename); } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 0a690a5eb..9f0d55ad5 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -50,6 +50,7 @@ Release Date: Not Released - form_dropdown() will now also take an array for unity with other form helpers. - set_realpath() can now also handle file paths as opposed to just directories. - do_hash() now uses PHP's native hash() function, supporting more algorithms. + - Added an optional paramater to ``delete_files()`` to enable it to skip deleting files such as .htaccess and index.html. - Database @@ -186,6 +187,7 @@ Bug fixes for 3.0 - Fixed a bug in the library loader where some PHP versions wouldn't execute the class constructor. - Fixed a bug (#88) - An unexisting property was used for configuration of the Memcache cache driver. - Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set. +- Fixed a bug (#1238) - delete_all() in the `Database Caching Library <database/caching>` used to delete .htaccess and index.html files, which is a potential security risk. Version 2.1.1 ============= |