Don't allow installing a library which overwrites core folders (#27300)

joomla · Jan 1, 2020 · 8e991cf · 8e991cf
1 parent 8f40198
commit 8e991cf
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/administrator/language/en-GB/en-GB.lib_joomla.ini b/administrator/language/en-GB/en-GB.lib_joomla.ini
@@ -493,6 +493,7 @@ JLIB_INSTALLER_ABORT_INSTALL_CUSTOM_INSTALL_FAILURE="Extension %s: Custom instal
 JLIB_INSTALLER_ABORT_LIB_COPY_FILES="Library %s: Could not copy files from the source."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_ALREADY_INSTALLED="Library Install: Library already installed."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_COPY_SETUP="Library Install: Could not copy setup file."
+JLIB_INSTALLER_ABORT_LIB_INSTALL_CORE_FOLDER="Library Install: Library has the same name as a core folder."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_FAILED_TO_CREATE_DIRECTORY="Library Install: Failed to create folder: %s"
 JLIB_INSTALLER_ABORT_LIB_INSTALL_NOFILE="Library Install: No library file specified."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_ROLLBACK="Library Install: %s"

diff --git a/language/en-GB/en-GB.lib_joomla.ini b/language/en-GB/en-GB.lib_joomla.ini
@@ -493,6 +493,7 @@ JLIB_INSTALLER_ABORT_INSTALL_CUSTOM_INSTALL_FAILURE="Extension %s: Custom instal
 JLIB_INSTALLER_ABORT_LIB_COPY_FILES="Library %s: Could not copy files from the source."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_ALREADY_INSTALLED="Library Install: Library already installed."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_COPY_SETUP="Library Install: Could not copy setup file."
+JLIB_INSTALLER_ABORT_LIB_INSTALL_CORE_FOLDER="Library Install: Library has the same name as a core folder."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_FAILED_TO_CREATE_DIRECTORY="Library Install: Failed to create folder: %s"
 JLIB_INSTALLER_ABORT_LIB_INSTALL_NOFILE="Library Install: No library file specified."
 JLIB_INSTALLER_ABORT_LIB_INSTALL_ROLLBACK="Library Install: %s"

diff --git a/libraries/src/Installer/Adapter/LibraryAdapter.php b/libraries/src/Installer/Adapter/LibraryAdapter.php
@@ -234,6 +234,14 @@ protected function setupInstallPaths()
 			throw new \RuntimeException(\JText::_('JLIB_INSTALLER_ABORT_LIB_INSTALL_NOFILE'));
 		}
 
+		// Don't install libraries which would override core folders
+		$restrictedFolders = array('cms', 'fof', 'idna_convert', 'joomla', 'legacy', 'php-encryption', 'phpass', 'phputf8', 'src', 'vendor');
+
+		if (in_array($group, $restrictedFolders))
+		{
+			throw new \RuntimeException(\JText::_('JLIB_INSTALLER_ABORT_LIB_INSTALL_CORE_FOLDER'));
+		}
+
 		$this->parent->setPath('extension_root', JPATH_PLATFORM . '/' . implode(DIRECTORY_SEPARATOR, explode('/', $group)));
 	}