- Модуль: webdav
- Путь к файлу: ~/bitrix/modules/webdav/classes/file.php
- Класс: CWebDavFile
- Вызов: CWebDavFile::CheckRights
/**
 * Access gate for a WebDAV operation, optionally narrowed to one target path.
 *
 * The parent class decides first. When a non-empty $path is given, the file
 * name and its lower-cased extension are then screened: COPY, MOVE and PUT go
 * through the write-side checks, every other method only through the "READ"
 * extension list. Only the name and path are inspected here, never file content.
 *
 * @param string $method Operation name; "COPY", "MOVE" and "PUT" select the write-side checks.
 * @param bool   $strong Not read anywhere in this body.
 * @param mixed  $path   Target path; false or an empty string skips every file-level check.
 *
 * @return bool True when the operation is allowed. On refusal, false is returned
 *              after the reason is registered via $GLOBALS["APPLICATION"]->ThrowException().
 */
function CheckRights($method = "", $strong = false, $path = false)
{
    // Registers the refusal on the application object and hands back the failure value.
    $deny = static function ($messageId, $errorCode) {
        $GLOBALS["APPLICATION"]->ThrowException(GetMessage($messageId), $errorCode);
        return false;
    };

    // The parent's verdict is final: none of the file-name checks run if it refuses.
    if (!parent::CheckRights($method)) {
        return $deny('WD_ACCESS_DENIED', 'ACCESS_DENIED');
    }

    // Without a path there is nothing file-specific left to verify.
    if ($path == '') {
        return true;
    }

    $io = CBXVirtualIo::GetInstance();
    // All later checks look at the decoded, combined path rather than the raw argument.
    $path = $io->CombinePath($this->_udecode($path));
    $fileName = GetFileName($path);
    // Lower-cased with a leading dot, so the forbidden lists are presumably stored as ".ext" - confirm.
    $dotExtension = "." . mb_strtolower(GetFileExtension($fileName));

    if (!in_array($method, array("COPY", "MOVE", "PUT"))) {
        // Non-writing methods are screened against the "READ" list only.
        if (in_array($dotExtension, $this->arFileForbiddenExtentions["READ"])) {
            return $deny('WD_ACCESS_DENIED', 'ACCESS_DENIED');
        }

        return true;
    }

    // Write-side checks, in the original order; the first one that fails decides the error code.

    // Administrators are exempt from the script-extension check only; the checks below still apply to them.
    if (!$GLOBALS["USER"]->IsAdmin() && HasScriptExtension($fileName)) {
        return $deny("WD_FILE_ERROR13", "FORBIDDEN_EXTENTION");
    }

    // NOTE(review): the "index.php" comparison is an exact, case-sensitive match on the file name;
    // whether IsFileUnsafe() covers other spellings is not visible here - confirm.
    if (IsFileUnsafe($fileName) || $fileName == "index.php") {
        return $deny("WD_FILE_ERROR14", "FORBIDDEN_NAME");
    }

    // The path is validated with a leading "/" prepended; the file name is validated separately.
    if (!$io->ValidatePathString($io->CombinePath("/", $path)) || !$io->ValidateFilenameString($fileName)) {
        return $deny("WD_FILE_ERROR14", "FORBIDDEN_NAME");
    }

    // Instance-level deny list for writes; it applies to administrators as well.
    if (in_array($dotExtension, $this->arFileForbiddenExtentions["WRITE"])) {
        return $deny("WD_FILE_ERROR13", "FORBIDDEN_EXTENTION");
    }

    return true;
}