Code improvements to tolerate using other disk for courses directory - needs widescale testing and possibly further improvements (closes #2511)

skala
Yannick Warnier 14 years ago
parent 5c4db40533
commit 65b9e5d6f2
  1. 2
      main/course_home/course_home.php
  2. 2
      main/inc/lib/add_course.lib.inc.php
  3. 10
      main/inc/lib/security.lib.php

@ -35,7 +35,7 @@ $language_file = 'course_home';
$use_anonymous = true; $use_anonymous = true;
// Inlcuding the global initialization file. // Inlcuding the global initialization file.
require '../../main/inc/global.inc.php'; require dirname(__FILE__).'/../inc/global.inc.php';
// Delete LP sessions // Delete LP sessions
unset($_SESSION['oLP']); unset($_SESSION['oLP']);

@ -204,7 +204,7 @@ function prepare_course_repository($course_repository, $course_code) {
\$cidReq = \"$course_code\"; \$cidReq = \"$course_code\";
\$dbname = \"$course_code\"; \$dbname = \"$course_code\";
include(\"../../main/course_home/course_home.php\"); include(\"".api_get_path(SYS_CODE_PATH)."course_home/course_home.php\");
?>"); ?>");
fwrite($fd, $string); fwrite($fd, $string);
@chmod(api_get_path(SYS_COURSE_PATH).$course_repository . '/index.php',$perm_file); @chmod(api_get_path(SYS_COURSE_PATH).$course_repository . '/index.php',$perm_file);
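Review bot: The new `include(...)` line writes the value of `api_get_path(SYS_CODE_PATH)` into the generated `index.php` inside a double-quoted PHP string literal without escaping, so a path containing `$`, `"` or a backslash would alter the generated code. I would emit the literal through `var_export()`, i.e. `include(".var_export(api_get_path(SYS_CODE_PATH).'course_home/course_home.php', true).");`. The `$cidReq` and `$dbname` context lines above interpolate `$course_code` the same way; whether it is validated before this point is not visible, since the body of `prepare_course_repository` starts outside the hunk. The absolute path is also fixed at course-creation time, so a comment noting that these stubs must be regenerated if the installation moves would help.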

@ -42,6 +42,7 @@ class Security {
* @return bool True if the path is under the checker, false otherwise * @return bool True if the path is under the checker, false otherwise
*/ */
public static function check_abs_path ($abs_path,$checker_path) { public static function check_abs_path ($abs_path,$checker_path) {
global $_configuration;
if (empty($checker_path)) {return false;} //checker path must be set if (empty($checker_path)) {return false;} //checker path must be set
$true_path=str_replace("\\", "/", realpath($abs_path)); $true_path=str_replace("\\", "/", realpath($abs_path));
@ -49,6 +50,13 @@ class Security {
$found = strpos($true_path.'/',$checker_path); $found = strpos($true_path.'/',$checker_path);
if ($found===0) { if ($found===0) {
return true; return true;
} else {
//code specific to courses directory stored on other disk
$checker_path = str_replace(api_get_path(SYS_COURSE_PATH),$_configuration['symbolic_course_folder_abs'],$checker_path);
$found = strpos($true_path.'/',$checker_path);
if ($found === 0) {
return true;
}
} }
return false; return false;
} }
@ -240,4 +248,4 @@ class Security {
return $purifier[$user_status]->purify($var); return $purifier[$user_status]->purify($var);
} }
} }
} }
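Review bot: The new `else` branch in `check_abs_path` reads `$_configuration['symbolic_course_folder_abs']` without checking that it is set, non-empty and slash-terminated, which can loosen a check that callers presumably rely on to confine paths to a directory. With the key unset, `str_replace` swaps the course path for an empty string, so a `$checker_path` equal to the course path becomes `''`; on PHP 8 and later `strpos($true_path.'/', '')` returns 0 and every path would pass (older versions warn and return false), and a configured value lacking a trailing `/` would similarly let sibling directories that share the prefix match. `str_replace` also rewrites every occurrence rather than only the leading one. I would skip the fallback when the setting is empty, normalise it to forward slashes with a single trailing slash, and substitute only a leading course path, as sketched below. The lines between the two hunks that prepare `$checker_path` are not visible here, so the normalisation should be confirmed against them.

```php
        } else {
            // code specific to courses directory stored on other disk
            $course_root = api_get_path(SYS_COURSE_PATH);
            $alt_root = isset($_configuration['symbolic_course_folder_abs']) ? $_configuration['symbolic_course_folder_abs'] : '';
            // only fall back when the alternate root is configured and the checker really starts with the course root
            if ($alt_root !== '' && strpos($checker_path, $course_root) === 0) {
                $alt_root = rtrim(str_replace("\\", "/", $alt_root), '/').'/';
                $checker_path = $alt_root.substr($checker_path, strlen($course_root));
                if (strpos($true_path.'/', $checker_path) === 0) {
                    return true;
                }
            }
        }
        // … unchanged: return false …
```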
