Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.6.20, 4.7.10
-
Fix Version/s: 4.7.18
-
Component/s: Core CiviCRM
-
Labels:None
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Contributed Code
Description
While a bit of a corner case, if uploadDir is set to, for example, boolean FALSE (b:0;), it can lead to the entire civicrm/ directory being purged on cache-clears.
CRM_Utils_File::cleanDir(), we already guard against other similar possibilities:
if ($target == '' || $target == '/') {
throw new Exception("Overly broad deletion");
}
I'd suggest just adding a check for FALSE-y values:
if ($target == '' || $target == '/' || !$target) {
I've marked this issue as "major" due to the possible loss of data that results in such cases.