/**
 * Check a requested installation path before it is used.
 *
 * The path is first passed through PathTool::clean(). It is rejected when it
 * is empty, not absolute, contains one of the characters ; & " | # $ ? `,
 * names an existing regular file, has no existing parent directory, or
 * resolves to a location that is ".", "/" or refused by PathTool::isDenied().
 * On rejection the message is stored in $this->pass_val['err']['installPath'].
 *
 * @param string $path Requested installation path.
 * @return bool TRUE when the path is acceptable, FALSE otherwise.
 */
private function validate_install_path($path)
{
    // Every rejection records its message under the same key and reports failure.
    $reject = function ($message) {
        $this->pass_val['err']['installPath'] = $message;
        return FALSE;
    };

    // NOTE(review): presumably clean() normalises "." / ".." segments and
    // duplicate slashes; verify, because no later check here looks for them.
    $path = PathTool::clean($path);

    if ($path == '') {
        return $reject(DMsg::Err('err_valcannotempty'));
    }

    if ($path[0] != '/') {
        return $reject(DMsg::Err('err_requireabspath'));
    }

    // NOTE(review): this is a denylist. It does not cover single quotes,
    // whitespace, newlines, parentheses or < >, so it should not be the only
    // control if the path is later placed in a shell command; quote the value
    // at the point of use as well.
    if (preg_match('/([;&"|#$?`])/', $path)) {
        return $reject(DMsg::Err('err_illegalcharfound'));
    }

    // Choose the directory that the location check applies to: the path itself
    // when it already exists as a directory, otherwise its parent.
    if (is_dir($path)) {
        $probe = $path;
    } else {
        if (is_file($path)) {
            return $reject(DMsg::Err('err_invalidpath'));
        }

        $probe = dirname($path);
        if (!is_dir($probe)) {
            return $reject(DMsg::Err('err_parentdirnotexist'));
        }
    }

    $is_forbidden = ($probe == '.' || $probe == '/' || PathTool::isDenied($probe));
    if ($is_forbidden) {
        return $reject('Illegal location');
    }

    return TRUE;
}
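/**
 * Check that a configured file or directory exists and has the access
 * required by the attribute definition.
 *
 * $absname is rewritten in place: it is passed through PathTool::clean() and,
 * when $_SERVER['LS_CHROOT'] is set and is a leading path component of the
 * name, that prefix is removed.
 *
 * @param string $absname Path to test (by reference, normalised on return).
 * @param string $err     Receives an HTML error message on failure (by reference).
 * @param object $attr    Attribute definition; _type, _maxVal and GetKey() are read.
 * @return int 1 when the test passes or is skipped, -1 on failure.
 */
protected function test_file(&$absname, &$err, $attr)
{
    if ($attr->_maxVal == NULL) {
        return 1; // no permission test
    }

    $absname = PathTool::clean($absname);

    if (isset($_SERVER['LS_CHROOT'])) {
        $root = $_SERVER['LS_CHROOT'];
        $len = strlen($root);
        if ($len > 0 && strncmp($absname, $root, $len) == 0) {
            // Strip the chroot prefix only on a path-component boundary.
            // A plain string-prefix match would also rewrite a sibling such as
            // "<root>2/x" into the relative path "2/x", which would then be
            // tested against the current working directory.
            $on_boundary = substr($root, -1) == '/'
                || strlen($absname) == $len
                || $absname[$len] == '/';
            if ($on_boundary) {
                $absname = substr($absname, $len);
            }
        }
    }

    if ($attr->_type == 'file0') {
        if (!file_exists($absname)) {
            return 1; // allow non-exist
        }
    }

    // 'path', 'filep' and 'dir' are checked as directories, everything else as files.
    if ($attr->_type == 'path' || $attr->_type == 'filep' || $attr->_type == 'dir') {
        $type = 'path';
    } else {
        $type = 'file';
    }

    if (($type == 'path' && !is_dir($absname)) || ($type == 'file' && !is_file($absname))) {
        // $err is built as HTML, so the path is escaped before it is embedded.
        $err = $type . ' ' . htmlspecialchars($absname) . ' does not exist.';
        if ($this->allow_create($attr, $absname)) {
            // NOTE(review): GetKey() is written unescaped into a JavaScript string
            // inside an href attribute. Confirm attribute keys are limited to safe
            // characters, or escape for both the JS and the attribute context.
            $err .= ' <a href="javascript:lst_createFile(\'' . $attr->GetKey() . '\')">CLICK TO CREATE</a>';
        } else {
            $err .= ' Please create manually.';
        }
        return -1;
    }

    // _maxVal carries the required access letters: 'r' readable, 'w' writable.
    if (strpos($attr->_maxVal, 'r') !== FALSE && !is_readable($absname)) {
        $err = $type . ' ' . htmlspecialchars($absname) . ' is not readable';
        return -1;
    }

    if (strpos($attr->_maxVal, 'w') !== FALSE && !is_writable($absname)) {
        $err = $type . ' ' . htmlspecialchars($absname) . ' is not writable';
        return -1;
    }

    return 1;
}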