diff options
| author | Lester Caine <lester@lsces.co.uk> | 2026-06-04 12:04:32 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-06-04 12:04:32 +0100 |
| commit | 6c27d6eebffef49b4aad09f3ca5201ef06d77977 (patch) | |
| tree | 354bcd7c64d7363d7489826bfa2c6ce5b0a09e51 | |
| parent | c2ee8dbe34483e5abe1a4e30783c5feebe737fc9 (diff) | |
| download | kernel-6c27d6eebffef49b4aad09f3ca5201ef06d77977.tar.gz kernel-6c27d6eebffef49b4aad09f3ca5201ef06d77977.tar.bz2 kernel-6c27d6eebffef49b4aad09f3ca5201ef06d77977.zip | |
admin_system: fix cache prune safety check to allow TEMP_PKG_PATH and STORAGE_PKG_PATH
The guard strpos($item['path'], BIT_ROOT_PATH) always failed for any cache
directory under TEMP_PKG_PATH (e.g. icons, modules, system cache) since
TEMP_PKG_PATH is outside the web root. None of those caches were ever
actually cleared. Extend the check to accept all three known safe roots.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| -rwxr-xr-x | admin/admin_system.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/admin/admin_system.php b/admin/admin_system.php index 31a1d53..2929aee 100755 --- a/admin/admin_system.php +++ b/admin/admin_system.php @@ -78,7 +78,8 @@ if( !empty( $_GET['prune'] ) ) { foreach( $diskUsage as $key => $item ) { if( $_GET['prune'] == $key || $_GET['prune'] == 'all' ) { $dir = $item['path'].( !empty( $item['subdir'] ) ? '/'.$item['subdir'] : '' ); - if( is_dir( $dir ) && strpos( $item['path'], BIT_ROOT_PATH ) === 0 ) { + $safeRoot = strpos( $item['path'], BIT_ROOT_PATH ) === 0 || strpos( $item['path'], TEMP_PKG_PATH ) === 0 || strpos( $item['path'], STORAGE_PKG_PATH ) === 0; + if( is_dir( $dir ) && $safeRoot ) { if( KernelTools::unlink_r( $dir )) { $reload = true; } else { |