Checking includes for valid paths
authorMichael Vogel <icarus@dabo.de>
Sun, 13 Sep 2015 16:47:10 +0000 (18:47 +0200)
committerMichael Vogel <icarus@dabo.de>
Sun, 13 Sep 2015 16:47:10 +0000 (18:47 +0200)
boot.php
include/poller.php

index 3116bb94b9c188bffa581ef050f4c3fa9d6c8be1..22cd34e062d6fcdb4001a11ea2744b5b00cc1d41 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -1893,3 +1893,31 @@ if(!function_exists('exif_imagetype')) {
                return($size[2]);
        }
 }
+
+function validate_include(&$file) {
+       $orig_file = $file;
+
+       $file = realpath($file);
+
+       if (strpos($file, getcwd()) !== 0)
+               return false;
+
+       $file = str_replace(getcwd()."/", "", $file, $count);
+       if ($count != 1)
+               return false;
+
+       if ($orig_file !== $file)
+               return false;
+
+       $valid = false;
+       if (strpos($file, "include/") === 0)
+               $valid = true;
+
+       if (strpos($file, "addon/") === 0)
+               $valid = true;
+
+       if (!$valid)
+               return false;
+
+       return true;
+}
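Review bot: validate_include() depends on getcwd() being the Friendica base directory without saying so: started from another directory, the prefix test `if (strpos($file, getcwd()) !== 0)` rejects every include, and a process started inside some other tree would accept files under that tree instead, so a docblock should state the precondition and the by-reference rewrite, e.g. `/** Canonicalises $file and accepts it only when it is the unchanged cwd-relative path of a file under include/ or addon/; requires cwd to be the base directory; $file is modified even on failure. */`. The false that realpath() returns for a missing file only gets rejected because strpos() treats a false haystack as an empty string; an explicit `if ($file === false) return false;` after the realpath() call makes that intent visible and survives stricter PHP versions. The str_replace() with $count replaces every occurrence of the cwd prefix rather than only the leading one, so a path that happens to contain the base-directory string twice is rejected; checking the prefix with its trailing slash and then `substr($file, strlen(getcwd()) + 1)` is more precise. The two `$valid` assignments could be a single `return strpos($file, "include/") === 0 || strpos($file, "addon/") === 0;`.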
index e4b0b092f48ff57033848a2a4699b7c49c4b6124..b03dc84af7cb7158d36c0e06c56ac55ac09c792c 100644 (file)
@@ -65,8 +65,16 @@ function poller_run(&$argv, &$argc){
 
                $argc = count($argv);
 
-               // To-Do: Check for existance
-               require_once(basename($argv[0]));
+               // Check for existance and validity of the include file
+               $include = $argv[0];
+
+               if (!validate_include($include)) {
+                       logger("Include file ".$argv[0]." is not valid!");
+                       q("DELETE FROM `workerqueue` WHERE `id` = %d", intval($r[0]["id"]));
+                       continue;
+               }
+
+               require_once($include);
 
                $funcname=str_replace(".php", "", basename($argv[0]))."_run";
 
@@ -77,7 +85,8 @@ function poller_run(&$argv, &$argc){
                        logger("Process ".getmypid().": ".$funcname." - done");
 
                        q("DELETE FROM `workerqueue` WHERE `id` = %d", intval($r[0]["id"]));
-               }
+               } else
+                       logger("Function ".$funcname." does not exist");
        }
 
 }
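Review bot: When `$funcname` does not exist the new else branch only logs, while the `DELETE FROM workerqueue` stays inside the if branch, so the row is never removed; if the surrounding loop refetches the queue in order (not visible here), the same entry would be picked up and logged again on every run. Either delete the row in the else branch as well or at least log the include path so the stale entry can be located, `logger("Function ".$funcname." does not exist (".$argv[0].")");`. Style: the brace-less `} else` next to a braced if block is inconsistent; give the else its own brace block.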