update

2024-11-21 23:20:24 +00:00 · 2024-05-01 02:14:27 +03:00 · 2024-05-01 02:14:27 +03:00 · b27886a6ff
commit b27886a6ff
parent 7a3f581b7b
3 changed files with 25 additions and 12 deletions
--- a/web/app/Models/Backup.php
+++ b/web/app/Models/Backup.php
@ -51,7 +51,7 @@ class Backup extends Model
               Storage::path('backups')
           ]);
           if (Storage::disk('backups')->exists($model->filepath)) {
-               Storage::disk('backups')->delete($model->filepath);
+                Storage::disk('backups')->delete($model->filepath);
           }
        });
    }
@ -130,7 +130,9 @@ class Backup extends Model
                    ];
                }

-                ShellApi::safeRmRf($this->path);
+                ShellApi::safeDelete($this->path,[
+                    Storage::path('backups')
+                ]);

                $this->size = filesize(Storage::disk('backups')->path($this->filepath));
                $this->status = 'completed';
--- a/web/app/Models/Domain.php
+++ b/web/app/Models/Domain.php
@ -95,21 +95,30 @@ class Domain extends Model
            if (empty($model->domain_public)) {
                return;
            }
+            $findHostingSubscription = HostingSubscription::where('id', $model->hosting_subscription_id)->first();
+            if (! $findHostingSubscription) {
+                return;
+            }

-            shell_exec('rm -rf '.$model->domain_public);
+            ShellApi::safeDelete($model->domain_root, ['/home/' . $findHostingSubscription->system_username]);
+
+            $whiteListedPathsForDelete = [
+                '/etc/apache2/sites-available',
+                '/etc/apache2/sites-enabled',
+            ];

            $apacheConf = '/etc/apache2/sites-available/'.$model->domain.'.conf';
-            shell_exec('rm -rf '.$apacheConf);
+            ShellApi::safeDelete($apacheConf, $whiteListedPathsForDelete);

            $apacheConfEnabled = '/etc/apache2/sites-enabled/'.$model->domain.'.conf';
-            shell_exec('rm -rf '.$apacheConfEnabled);
+            ShellApi::safeDelete($apacheConfEnabled, $whiteListedPathsForDelete);

            // SSL
            $apacheSSLConf = '/etc/apache2/sites-available/'.$model->domain.'-ssl.conf';
-            shell_exec('rm -rf '.$apacheSSLConf);
+            ShellApi::safeDelete($apacheSSLConf, $whiteListedPathsForDelete);

            $apacheSSLConfEnabled = '/etc/apache2/sites-enabled/'.$model->domain.'-ssl.conf';
-            shell_exec('rm -rf '.$apacheSSLConfEnabled);
+            ShellApi::safeDelete($apacheSSLConfEnabled, $whiteListedPathsForDelete);

        });

--- a/web/app/ShellApi.php
+++ b/web/app/ShellApi.php
@ -12,14 +12,16 @@ class ShellApi
            throw new \Exception('Whitelist paths cannot be empty');
        }

-        $errorsBag = [];
+        $canIDeleteFile = false;
        foreach ($whiteListedPaths as $whiteListedPath) {
-            if (!Str::of($pathOrFile)->startsWith($whiteListedPath)) {
-                $errorsBag[] = 'Cannot delete this path';
+            if (Str::of($pathOrFile)->startsWith($whiteListedPath)) {
+                $canIDeleteFile = true;
+                break;
            }
        }
-        if (!empty($errorsBag)) {
-            throw new \Exception('Cannot delete this path');
+
+        if (!$canIDeleteFile) {
+            throw new \Exception('Cannot delete this path:' . $pathOrFile . '. Allowed paths are:' . implode(',', $whiteListedPaths));
        }

        $exec = shell_exec('rm -rf ' . $pathOrFile);