[SUCS Devel] [Git][sucssite/sucs-site][sucs-site] 3 commits: stop .forward file being a symlink
Andrew Price
welshbyte at sucs.org
Sat Apr 1 19:33:34 BST 2017
On 01/04/17 18:33, Imran Hussain wrote:
> =====================================
> lib/session.php
> =====================================
> --- a/lib/session.php
> +++ b/lib/session.php
> @@ -228,7 +228,7 @@ class Session
> // the bash script returns 0 for no and 1 for yes, takes one arg, username
> $this->email = shell_exec("../plugins/sucsunreadmail $user");
>
> - if (file_exists($info['homedirectory'][0] . "/.forward")) {
> + if (file_exists($info['homedirectory'][0] . "/.forward") && ! is_link($info['homedirectory'][0] . "/.forward")) {
> $forward = file($info['homedirectory'][0] . "/.forward");
> $this->email_forward = preg_replace("/\n/", "", $forward[0]);
> }
Other cases you might want to consider:
- What if ~/.forward is created to be bigger than the available virtual
memory (sparse or actual size)?
- What if ~/.forward is replaced by a symlink between the is_link() call
and the file() call?
Andy
More information about the Devel
mailing list