hotline #67793 : renaming to .htaccess is forbidden

5de800d3 · Patrick Barroca · d89d51da · 5de800d3
Commit 5de800d3 authored 7 years ago by Patrick Barroca
--- a/ckeditor/core_five_filemanager/connectors/php/filemanager.config.php
+++ b/ckeditor/core_five_filemanager/connectors/php/filemanager.config.php
@@ -30,15 +30,33 @@ function auth() {

  require_once($base_path . 'cosmogramme/storm_init.php');

+  $file_manager = new Class_FileManager();
+
+  // rename
+  if (array_key_exists('mode', $_GET)
+      && 'rename' == $_GET['mode']
+      && array_key_exists('old', $_GET)) {
+    $suffix = '';
+
+    if(substr($_GET['old'], -1, 1) == '/') {
+      $_GET['old'] = substr($_GET['old'],0,(strlen($_GET['old'])-1));
+      $suffix = '/';
+    }
+    $tmp = explode('/', $_GET['old']);
+    $filename = $tmp[(sizeof($tmp)-1)];
+    $path = str_replace('/' . $filename,'', $_GET['old']);
+
+    return $file_manager->isAuthorized($_GET['old'])
+      && $file_manager->isAuthorized($path . '/' . $_GET['new']);
+  }
+
  $path = array_key_exists('path', $_GET) ? $_GET['path'] : '';

+  // add
  $path = array_key_exists('currentpath', $_POST) && array_key_exists('filename', $_POST)
    ? $_POST['currentpath'] . $_POST['filename'] : $path;

-  $path = (array_key_exists('mode', $_GET) && 'rename' == $_GET['mode'] && array_key_exists('old', $_GET))
-    ? $_GET['old'] : $path;
-
-  return (new Class_FileManager())->isAuthorized($path);
+  return $file_manager->isAuthorized($path);
 }