[php-blog-cvs] serendipity NEWS,1.179,1.180 serendipity_admin_images.inc.php,1.24,1.25 serendipity_functions_images.inc.php,1.22,1.23

[Garvin H. <gar...@us...>]

Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28532

Modified Files:
	NEWS serendipity_admin_images.inc.php 
	serendipity_functions_images.inc.php 
Log Message:
Make sure that the file/image manager can never remove the upload
directory, but all files in it 


Index: NEWS
===================================================================
RCS file: /cvsroot/php-blog/serendipity/NEWS,v
retrieving revision 1.179
retrieving revision 1.180
diff -u -d -r1.179 -r1.180
--- NEWS	19 Jul 2004 09:31:52 -0000	1.179
+++ NEWS	19 Jul 2004 09:44:11 -0000	1.180
@@ -3,6 +3,9 @@
 Version 0.7 ()
 ------------------------------------------------------------------------
 
+    * Make sure that the file/image manager can never remove the upload
+      directory, but all files in it (garvinhicking)
+
     * Changed database key 'mime' to varchar(255) instead of varchar(15)
       (garvinhicking)                       [DB Layout change - > 0.6.9]
 

Index: serendipity_functions_images.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions_images.inc.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- serendipity_functions_images.inc.php	19 Jul 2004 09:16:07 -0000	1.22
+++ serendipity_functions_images.inc.php	19 Jul 2004 09:44:11 -0000	1.23
@@ -893,13 +893,12 @@
         }
 
         echo '<strong>';
-        if ($serious && @rmdir($basedir . $directory)) {
+        if ($serious && !empty($directory) && !preg_match('@^.?/?$@', $directory) && @rmdir($basedir . $directory)) {
             printf(DIRECTORY_DELETE_SUCCESS . $n, $directory);
         } else {
             printf(DIRECTORY_DELETE_FAILED . $n, $directory);
         }
         echo '</strong>';
-
     }
 
     return true;

Index: serendipity_admin_images.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_admin_images.inc.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- serendipity_admin_images.inc.php	25 May 2004 16:16:14 -0000	1.24
+++ serendipity_admin_images.inc.php	19 Jul 2004 09:44:11 -0000	1.25
@@ -217,7 +217,7 @@
         $jscode = "document.getElementById('newDirectory').value = this.title; return false;";
 
         echo DIRECTORIES_AVAILABLE;
-        echo '<br /><br /><a href="#" onclick="' . $jscode . '" title="">' . PARENT_DIRECTORY . ' (' . $serendipity['uploadPath'] . ')</a>';
+        echo '<br /><br /><a href="#" onclick="' . $jscode . '" title="/">' . PARENT_DIRECTORY . ' (' . $serendipity['uploadPath'] . ')</a>';
 
         serendipity_traversePath(
           $out,