Fix bug allowing you to delete your own site directory

This commit is contained in:
Kyle Drake 2015-06-07 21:54:25 -07:00
parent 092eb4536f
commit 397f34a014
3 changed files with 26 additions and 0 deletions

View file

@ -48,6 +48,10 @@ post '/api/delete' do
api_error 400, 'bad_filename', "#{path} is not a valid filename, canceled deleting"
end
if current_site.files_path(path) == current_site.files_path
api_error 400, 'cannot_delete_site_directory', 'cannot delete the root directory of the site'
end
if !current_site.file_exists?(path)
api_error 400, 'missing_files', "#{path} was not found on your site, canceled deleting"
end