diff --git a/htroot/ConfigUpdate_p.java b/htroot/ConfigUpdate_p.java index be5481449..4e0ca6db7 100644 --- a/htroot/ConfigUpdate_p.java +++ b/htroot/ConfigUpdate_p.java @@ -110,10 +110,17 @@ public class ConfigUpdate_p { final String release = post.get("releaseinstall", ""); if (!release.isEmpty()) { try { + // only delete files from RELEASE directory + if (FileUtils.isInDirectory(new File(sb.releasePath, release), sb.releasePath)) { FileUtils.deletedelete(new File(sb.releasePath, release)); FileUtils.deletedelete(new File(sb.releasePath, release + ".sig")); + } else { + sb.getLog().logSevere("AUTO-UPDATE: could not delete " + release + ": file not in release directory."); + } } catch (final NullPointerException e) { sb.getLog().logSevere("AUTO-UPDATE: could not delete release " + release + ": " + e.getMessage()); + } catch (final IOException e) { + sb.getLog().logSevere("AUTO-UPDATE: could not delete release " + release + ": " + e.getMessage()); } } } diff --git a/source/net/yacy/kelondro/util/FileUtils.java b/source/net/yacy/kelondro/util/FileUtils.java index 2e631466a..cf773f33e 100644 --- a/source/net/yacy/kelondro/util/FileUtils.java +++ b/source/net/yacy/kelondro/util/FileUtils.java @@ -851,5 +851,22 @@ public final class FileUtils { } } } + + /** + * Checks if a certain file is in a given directory. + * @param file the file to check + * @param directory the directory which must contain the file + * @return true if file is contained in diretory + */ + public static boolean isInDirectory(final File file, final File directory) throws IOException { + + return + directory != null + && directory.isDirectory() + && file != null + && file.isFile() + && directory.getCanonicalPath().equalsIgnoreCase( + file.getParentFile().getCanonicalPath()); + } }