Skip to content

Commit

Permalink
MDL-36977 Be more picky when it comes to migrating files in moodle1 b…
Browse files Browse the repository at this point in the history 
…ackups
  • Loading branch information
@mudrd8mz @danpoltawski
mudrd8mz authored and danpoltawski committed Jan 8, 2013
1 parent 7b66137 commit 0ab681d
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion backup/converter/moodle1/lib.php
View file
Expand Up @@ -642,7 +642,9 @@ public static function find_referenced_files($text) {
} }
foreach ($matches[2] as $match) { foreach ($matches[2] as $match) {
$file = str_replace(array('$@FILEPHP@$', '$@SLASH@$', '$@FORCEDOWNLOAD@$'), array('', '/', ''), $match); $file = str_replace(array('$@FILEPHP@$', '$@SLASH@$', '$@FORCEDOWNLOAD@$'), array('', '/', ''), $match);
$files[] = rawurldecode($file); if ($file === clean_param($file, PARAM_PATH)) {
$files[] = rawurldecode($file);
}
} }


return array_unique($files); return array_unique($files);
Expand Down Expand Up @@ -1210,6 +1212,10 @@ public function migrate_file($sourcepath, $filepath = '/', $filename = null, $so


$sourcefullpath = $this->basepath.'/'.$sourcepath; $sourcefullpath = $this->basepath.'/'.$sourcepath;


if ($sourcefullpath !== clean_param($sourcefullpath, PARAM_PATH)) {
throw new moodle1_convert_exception('file_invalid_path', $sourcefullpath);
}

if (!is_readable($sourcefullpath)) { if (!is_readable($sourcefullpath)) {
throw new moodle1_convert_exception('file_not_readable', $sourcefullpath); throw new moodle1_convert_exception('file_not_readable', $sourcefullpath);
} }
Expand Down

0 comments on commit 0ab681d

Please sign in to comment.