make sure cache dir is a directory before running exec command

2025-02-11 09:35:00 +00:00 · 2018-06-27 18:54:08 +02:00 · 2018-06-27 18:54:08 +02:00 · 0be0ffdbe5
commit 0be0ffdbe5
parent 384d1f58b5
1 changed files with 7 additions and 0 deletions
--- a/op/op.ClearCache.php
+++ b/op/op.ClearCache.php
@ -31,6 +31,13 @@ if(!checkFormKey('clearcache')) {
 	UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
 }

+/* Make sure the cacheDir exists and isn't manipulated for executing
+ * commands when system() is being called.
+ */
+if(!is_dir($settings->_cacheDir)) {
+	UI::exitError(getMLText("admin_tools"),getMLText("error_cleared_cache"));
+}
+
 if(!empty($_POST['preview'])) {
 	$cmd = 'rm -rf '.$settings->_cacheDir.'/[1-9]*';
 	$ret = null;