From 128aa107baf2bbf713a6af43182e1bc6d9c7a1a7 Mon Sep 17 00:00:00 2001
From: magikcypress <cyp@rouquin.me>
Date: Tue, 18 Apr 2017 02:47:58 +0200
Subject: [fix] secure rm + upgrade

---
 scripts/.fonctions | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'scripts/.fonctions')

diff --git a/scripts/.fonctions b/scripts/.fonctions
index 0a148a6..064a0c9 100644
--- a/scripts/.fonctions
+++ b/scripts/.fonctions
@@ -226,3 +226,31 @@ ynh_psql_drop_db() {
 ynh_psql_drop_user() {
     sudo su -c "dropuser ${1}" postgres
 }
+
+# Remove a file or a directory securely
+#
+# usage: ynh_secure_remove path_to_remove
+# | arg: path_to_remove - File or directory to remove
+ynh_secure_remove () {
+  path_to_remove=$1
+  forbidden_path=" \
+  /var/www \
+  /home/yunohost.app"
+
+  if [[ "$forbidden_path" =~ "$path_to_remove" \
+    # Match all path or subpath in $forbidden_path
+    || "$path_to_remove" =~ ^/[[:alnum:]]+$ \
+    # Match all first level path from / (Like /var, /root, etc...)
+    || "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
+    # Match if the path finish by /. Because it's seems there is an empty variable
+  then
+    echo "Avoid deleting of $path_to_remove." >&2
+  else
+    if [ -e "$path_to_remove" ]
+    then
+      sudo rm -R "$path_to_remove"
+    else
+      echo "$path_to_remove doesn't deleted because it's not exist." >&2
+    fi
+  fi
+}
\ No newline at end of file
-- 
cgit v1.2.3-70-g09d2