adds traversal check to deleteion
This commit is contained in:
parent
f97c87a3e9
commit
078b5360d3
1 changed files with 3 additions and 2 deletions
|
@ -314,9 +314,10 @@ class DeletesV1
|
||||||
{
|
{
|
||||||
$domain = $document->getAttribute('domain');
|
$domain = $document->getAttribute('domain');
|
||||||
$directory = APP_STORAGE_CERTIFICATES . '/' . $domain;
|
$directory = APP_STORAGE_CERTIFICATES . '/' . $domain;
|
||||||
|
$checkTraversal = realpath($directory) === $directory;
|
||||||
|
|
||||||
if($domain && is_dir($directory)) {
|
if($domain && $checkTraversal && is_dir($directory)) {
|
||||||
array_map('unlink', glob("$directory/*.*"));
|
array_map('unlink', glob($directory.'/*.*'));
|
||||||
rmdir($directory);
|
rmdir($directory);
|
||||||
Console::info("Deleted certificate files for {$domain}");
|
Console::info("Deleted certificate files for {$domain}");
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in a new issue