Better when the user isn't allowed of deleting arbitrary files…

Thanks PHP for not highligthing the problem and not providing simple solution…
author: piernov <piernov@piernov.org> 2016-05-02 19:58:11 +0200
committer: piernov <piernov@piernov.org> 2016-05-02 19:58:11 +0200
commit: 035a477c4f30180edecead29e8bcda34a0725881 (patch)
tree: 6a374e2d6049c4a10f301a1278d719ad99916259 /inc/savegame.inc
parent: 49aaf3ec355f783507875381a426ea350f0cdea1 (diff)
download: candybox-035a477c4f30180edecead29e8bcda34a0725881.tar.gz
candybox-035a477c4f30180edecead29e8bcda34a0725881.tar.bz2
candybox-035a477c4f30180edecead29e8bcda34a0725881.tar.xz
candybox-035a477c4f30180edecead29e8bcda34a0725881.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/inc/savegame.inc b/inc/savegame.inc
index 2f8c70a..0dfb1c8 100644
--- a/inc/savegame.inc
+++ b/inc/savegame.inc
@@ -73,8 +73,9 @@ function parseSave($xml, &$table) { // Passing $table by reference
 
 function deleteSave() {
 	if(empty($_POST["filename"])) return;
-	$filename = $_POST["filename"];
-	if(unlink(SAVEDIR + "/" + $filename)) sendError("gamesave_delete_failed");
+	$path = SAVEDIR . "/" . basename($_POST["filename"]); // remove any leading directory
+	if(file_exists($path) && unlink($path))
+		sendError("gamesave_delete_failed");
 	else sendInfo("gamesave_delete_success");
 }
author	piernov <piernov@piernov.org>	2016-05-02 19:58:11 +0200
committer	piernov <piernov@piernov.org>	2016-05-02 19:58:11 +0200
commit	035a477c4f30180edecead29e8bcda34a0725881 (patch)
tree	6a374e2d6049c4a10f301a1278d719ad99916259 /inc/savegame.inc
parent	49aaf3ec355f783507875381a426ea350f0cdea1 (diff)
download	candybox-035a477c4f30180edecead29e8bcda34a0725881.tar.gz candybox-035a477c4f30180edecead29e8bcda34a0725881.tar.bz2 candybox-035a477c4f30180edecead29e8bcda34a0725881.tar.xz candybox-035a477c4f30180edecead29e8bcda34a0725881.zip