
Commit c52c5d6

committed
Deny certain paths for mounts
1 parent b02a49f commit c52c5d6


1 file changed

+33
-1
lines changed


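--- a/app/Http/Controllers/Admin/MountController.php
+++ b/app/Http/Controllers/Admin/MountController.php
@@ -105,6 +105,21 @@ public function create(MountFormRequest $request)
 $model = (new Mount())->fill($request->validated());
 $model->forceFill(['uuid' => Uuid::uuid4()->toString()]);
 
+if (str_starts_with($model->source, '/var/lib/pterodactyl/volumes')) {
+$this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
+return redirect()->route('admin.mounts');
+}
+
+if (str_starts_with($model->source, '/srv/daemon-data')) {
+$this->alert->danger('Invalid source path: "/srv/daemon-data" cannot be used as a source path.')->flash();
+return redirect()->route('admin.mounts');
+}
+
+if (str_starts_with($model->target, '/home/container')) {
+$this->alert->danger('Invalid target path: "/home/container" cannot be used as a target path.')->flash();
+return redirect()->route('admin.mounts');
+}
+
 $model->saveOrFail();
 $mount = $model->fresh();
 
@@ -128,7 +143,24 @@ public function update(MountFormRequest $request, Mount $mount)
 return $this->delete($mount);
 }
 
-$mount->forceFill($request->validated())->save();
+$mount->forceFill($request->validated());
+
+if (str_starts_with($mount->source, '/var/lib/pterodactyl/volumes')) {
+$this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
+return redirect()->route('admin.mounts.view', $mount->id);
+}
+
+if (str_starts_with($mount->source, '/srv/daemon-data')) {
+$this->alert->danger('Invalid source path: "/srv/daemon-data" cannot be used as a source path.')->flash();
+return redirect()->route('admin.mounts.view', $mount->id);
+}
+
+if (str_starts_with($mount->target, '/home/container')) {
+$this->alert->danger('Invalid target path: "/home/container" cannot be used as a target path.')->flash();
+return redirect()->route('admin.mounts.view', $mount->id);
+}
+
+$mount->save();
 
 $this->alert->success('Mount was updated successfully.')->flash();
 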
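Review bot: The six added `str_starts_with` checks in `create()` and `update()` compare the raw submitted string, so a path that reaches a denied directory in non-canonical form (`.`/`..` segments, repeated slashes) or that is a parent of it passes, while an unrelated sibling whose name merely begins with `/home/container` is rejected. Normalise the path lexically and compare on a segment boundary, in one shared helper or in the `MountFormRequest` rules so the two actions cannot drift apart; a sketch of the helper follows, and rejecting parent directories would need the reverse comparison as well. The denied roots are hard-coded, so a node configured with a different data directory is presumably not covered, and symlinks on the node cannot be resolved from the panel, so the daemon should enforce the same restriction when it builds the mount. Both function bodies start and end outside the visible hunks.

```php
// Suggested private helper on the controller (name is a proposal, not existing code).
private function pathIsWithin(string $path, string $base): bool
{
    $segments = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue; // collapses "//" and "/./"
        }
        if ($segment === '..') {
            array_pop($segments);
            continue;
        }
        $segments[] = $segment;
    }
    $normalized = '/' . implode('/', $segments);

    // Exact match or a true child; "/home/container2" no longer matches "/home/container".
    return $normalized === $base || str_starts_with($normalized, $base . '/');
}

// in create(); the same call shape applies to the other five checks
if ($this->pathIsWithin($model->source, '/var/lib/pterodactyl/volumes')) {
    // … unchanged: danger alert and redirect …
```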
