From 048132bd8a6f51732aca1ac82b4e6a3fb6a1428a Mon Sep 17 00:00:00 2001 From: hbrain Date: Sun, 5 Jul 2026 21:55:20 +0200 Subject: [PATCH] Skip inaccessible MVLog input dirs --- admin.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/admin.php b/admin.php index bac63d4..9f6f928 100644 --- a/admin.php +++ b/admin.php @@ -263,8 +263,18 @@ function ensure_input_dir_permissions($dir){ elseif (is_file($path)) @chmod($path, 0664); } } -function input_dirs($base){ $dirs = glob($base.'/*', GLOB_ONLYDIR) ?: []; foreach ($dirs as $dir) ensure_input_dir_permissions($dir); return $dirs; } -function safe_input_dir($base, $name){ $name = basename((string)$name); $path = realpath($base . '/' . $name); $root = realpath($base); if (!$path || !$root || !str_starts_with($path, $root . DIRECTORY_SEPARATOR) || !is_dir($path)) throw new RuntimeException('Invalid input directory.'); ensure_input_dir_permissions($path); return $path; } +function input_dir_accessible($dir){ return is_dir($dir) && !is_link($dir) && is_array(@scandir($dir)); } +function input_dirs($base){ + $dirs = glob($base.'/*', GLOB_ONLYDIR) ?: []; + $out = []; + foreach ($dirs as $dir) { + ensure_input_dir_permissions($dir); + if (input_dir_accessible($dir)) $out[] = $dir; + else error_log('Skipping inaccessible input dir: ' . $dir); + } + return $out; +} +function safe_input_dir($base, $name){ $name = basename((string)$name); $path = realpath($base . '/' . $name); $root = realpath($base); if (!$path || !$root || !str_starts_with($path, $root . DIRECTORY_SEPARATOR) || !is_dir($path) || !input_dir_accessible($path)) throw new RuntimeException('Invalid or inaccessible input directory.'); ensure_input_dir_permissions($path); return $path; } function article_id_is_valid($id){ return is_string($id) && preg_match('/^[0-9]{14}[a-f0-9]{16}$/', $id); } function generate_article_id(){ return gmdate('YmdHis') . bin2hex(random_bytes(8)); } function read_article_id($dir){ @@ -668,7 +678,9 @@ function media_sort_datetime($path){ function list_files($dir){ ensure_input_dir_permissions($dir); - $files = array_values(array_filter(scandir($dir), fn($f)=>editable_file($f) && is_file($dir.'/'.$f))); + $items = @scandir($dir); + if (!is_array($items)) return []; + $files = array_values(array_filter($items, fn($f)=>editable_file($f) && is_file($dir.'/'.$f))); $orderFile = $dir . '/order.json'; $media = [];