/**
 * Extract the row key that is encoded in an ATK/SQL selector.
 *
 * Row keys travel inside selectors as non-positive ids, so a selector only
 * qualifies when it decodes to exactly one numeric value that is <= 0.
 *
 * @param string $selector Encoded key/value selector
 *
 * @return int|float|false The decoded value with its sign flipped (so it is
 *                         non-negative), or false when the selector does not
 *                         carry a row key. A key of 0 is falsy as well, so
 *                         callers need a strict comparison against false.
 */
private static function getRowKeyFromSelector($selector)
{
    $values = array_values(Tools::decodeKeyValuePair($selector));

    // Anything other than a single decoded value cannot be a row key.
    if (count($values) !== 1) {
        return false;
    }

    $candidate = $values[0];
    if (!is_numeric($candidate) || !($candidate <= 0)) {
        return false;
    }

    // Undo the sign flip that was applied when the key was placed in the selector.
    return -1 * $candidate;
}
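/**
 * Overrides deleteDb to delete a file from the selected directory.
 *
 * The directory is taken from the 'dirname' session stack variable (passed
 * through stripDir()); the file name is the 'dummy.filename' entry of the
 * decoded selector. The selector is treated as untrusted input, so the file
 * name is validated before it is appended to the directory.
 *
 * @param string $selector The identifier of the file that should be deleted
 *
 * @return bool True when the file was unlinked; false when the file name was
 *              missing or rejected, or when unlink() failed
 */
public function deleteDb($selector)
{
    $sessmngr = SessionManager::getInstance();
    $this->m_dir = $this->stripDir($sessmngr->stackVar('dirname'));

    $decodedselector = Tools::decodeKeyValuePair($selector);
    $filename = isset($decodedselector['dummy.filename']) ? $decodedselector['dummy.filename'] : null;

    Tools::atk_var_dump($this->m_dir, 'm_dir');
    Tools::atk_var_dump($filename, 'filename');

    // A missing or empty name would turn the target into the directory itself.
    if (!is_scalar($filename) || (string) $filename === '') {
        Tools::atkerror('Cannot unlink: selector does not contain a filename.');

        return false;
    }
    $filename = (string) $filename;

    // Refuse parent-directory references, and NUL bytes, which are never
    // valid in a path and would otherwise surface as a runtime error in unlink().
    if (strpos($filename, '..') !== false || strpos($filename, "\0") !== false) {
        Tools::atkerror('Cannot unlink relative files. Possible hack attempt detected!');

        return false;
    }

    // NOTE(review): the substring check above is the only containment guard.
    // It does not account for symlinks below m_dir, nor for an m_dir value
    // without a trailing separator. Consider a realpath()-based containment
    // check once the output format of stripDir() is confirmed.
    $target = $this->m_dir . $filename;

    // Report the real outcome instead of claiming success unconditionally.
    if (!unlink($target)) {
        Tools::atkerror('Could not delete ' . $target);

        return false;
    }

    Tools::atkdebug('Deleted ' . $target);

    return true;
}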