Don't allow deletion of access root directories

author Jamie Cameron <jcameron@webmin.com>

Fri, 12 Oct 2007 00:38:21 +0000 (00:38 +0000)

committer Jamie Cameron <jcameron@webmin.com>

Fri, 12 Oct 2007 00:38:21 +0000 (00:38 +0000)
author Jamie Cameron <jcameron@webmin.com>
Fri, 12 Oct 2007 00:38:21 +0000 (00:38 +0000)
committer Jamie Cameron <jcameron@webmin.com>
Fri, 12 Oct 2007 00:38:21 +0000 (00:38 +0000)
diff --git a/file/delete.cgi b/file/delete.cgi

index 6efc366..a097292 100755 (executable)
--- a/file/delete.cgi
+++ b/file/delete.cgi
@@ -11,6 +11,10 @@ if ($access{'ro'} || !&can_access($in{'file'})) {
         print &text('delete_eaccess', $in{'file'}),"\n";
         exit;
         }
+if (&indexof($in{'file'}, @allowed_roots) >= 0) {
+       print &text('delete_eroot', $in{'file'}),"\n";
+       exit;
+       }
  if (-r &unmake_chroot($in{'file'}) && !-d &unmake_chroot($in{'file'})) {
         &switch_acl_uid_and_chroot();
         $rv = unlink($in{'file'});
diff --git a/file/lang/en b/file/lang/en

index 2f5bc98..7d0b923 100644 (file)
--- a/file/lang/en
+++ b/file/lang/en
@@ -219,6 +219,7 @@ copy_eto=You are not allowed to copy to '$1'
  copy_elink=symlink failed : $1
  
  delete_eaccess=You are not allowed to delete '$1'
+delete_eroot=The directory '$1' is one of those that you are limited to, and so cannot be deleted
  
  list_eaccess=You are not allowed to access this directory
  list_edir=Failed to list $1 : $2
author	Jamie Cameron <jcameron@webmin.com>
	Fri, 12 Oct 2007 00:38:21 +0000 (00:38 +0000)
committer	Jamie Cameron <jcameron@webmin.com>
	Fri, 12 Oct 2007 00:38:21 +0000 (00:38 +0000)
file/delete.cgi		patch \| blob \| history
file/lang/en		patch \| blob \| history