Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent deleting things outside the log dir

This commit is contained in:
claudiulodro 2018-09-14 09:26:58 -07:00
parent 5f2b915f18
commit 3bbf05d025
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
includes/log-handlers/class-wc-log-handler-file.php
View File

@ -249,7 +249,8 @@ class WC_Log_Handler_File extends WC_Log_Handler {
public function remove( $handle ) { public function remove( $handle ) {
$removed = false; $removed = false;
$file = trailingslashit( WC_LOG_DIR ) . $handle; $file = trailingslashit( WC_LOG_DIR ) . $handle;
if ( $file ) {
if ( 0 === stripos( realpath( $file ), WC_LOG_DIR ) ) {
if ( is_file( $file ) && is_writable( $file ) ) { // phpcs:ignore WordPress.VIP.FileSystemWritesDisallow.file_ops_is_writable if ( is_file( $file ) && is_writable( $file ) ) { // phpcs:ignore WordPress.VIP.FileSystemWritesDisallow.file_ops_is_writable
$this->close( $file ); // Close first to be certain no processes keep it alive after it is unlinked. $this->close( $file ); // Close first to be certain no processes keep it alive after it is unlinked.
$removed = unlink( $file ); // phpcs:ignore WordPress.VIP.FileSystemWritesDisallow.file_ops_unlink $removed = unlink( $file ); // phpcs:ignore WordPress.VIP.FileSystemWritesDisallow.file_ops_unlink