Hello there,
I have been having problems with webfm related to what I guess is an infinite recursion. I have a link inside main webfm directory that points up to its parent. This link lets me and my users manage also the default/files/ directory through webfm. But the problem, I suppose, is that webfm tries to create the directory tree without knowing it will never finish due to this infinite recursion. Firefox says: a JavaScript script is busy or has left responding blah blah => Continue // Stop script (I have not the English version, so the translation may not be the exact one).

I think that previous versions of webfm didn't give this error. Is it possible?

Comments

cgmonroe

Category: bug » support

Changed to support request because IMHO this is outside the scope of what WebFM is designed for.

If you think about what you have done, it's understandable why this happens. You have a link which looks like a subdirectory in the webfm root that goes to its parent... then when you "walk" the tree, you look at the subdirectory link, see the webfm root directory, then see the link subdirectory again, then see the parent directory and... continue ad nauseam.

IMHO, it's a big security risk to allow WebFM to "play" outside its sandbox. It shouldn't allow this to happen by default. E.g., someone breaks into your admin account, sets the WebFM root directory to your system root, and installs all sorts of nasty things using WebFM.. not nice.

That said, if you don't care about security.. somewhere in the issues is a thread about allowing ".." to be used in the webfm root directory property. I think it was a change to the regex test. This would allow you to specify ".." as your WebFM root and access the files directory without recursion.
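The tree walk described in the comment above, written so that it terminates and stays inside its root, as an added illustration that is not part of the thread and not WebFM's code. The function names and the directory layout are constructed for the example: every directory is resolved to its canonical path, links resolving outside the root are not followed, and a canonical path already listed is not listed again.

```python
import os
import tempfile


def walk_sandboxed(root):
    """Return (dirs, skipped): directories listed, and links that were not followed."""
    root_real = os.path.realpath(root)
    seen = {root_real}                 # canonical paths already listed
    dirs, skipped = [], []
    stack = [(root_real, "")]
    while stack:
        path, rel = stack.pop()
        dirs.append(rel or ".")
        with os.scandir(path) as it:
            entries = sorted(it, key=lambda e: e.name)
        for entry in entries:
            if not entry.is_dir(follow_symlinks=True):
                continue               # plain files and broken links
            child_rel = os.path.join(rel, entry.name)
            target = os.path.realpath(entry.path)
            # Containment: the resolved target must still be under the root.
            if os.path.commonpath([root_real, target]) != root_real:
                skipped.append((child_rel, "outside root"))
            # Cycle guard: never list the same real directory twice.
            elif target in seen:
                skipped.append((child_rel, "already visited"))
            else:
                seen.add(target)
                stack.append((target, child_rel))
    return sorted(dirs), sorted(skipped)


def build_demo(base):
    """Constructed layout: files/webfm is the root and holds a link to its parent."""
    root = os.path.join(base, "files", "webfm")
    os.makedirs(os.path.join(root, "docs", "img"))
    # The link from the report: a "subdirectory" that points up to the parent.
    os.symlink(os.path.join(base, "files"), os.path.join(root, "up"))
    # A second loop that stays inside the root: a link back to the root itself.
    os.symlink(root, os.path.join(root, "docs", "loop"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        dirs, skipped = walk_sandboxed(build_demo(base))
    print("listed: ", dirs)
    print("skipped:", skipped)
```

A walker that only checks the link's name or its literal path would follow both links; comparing canonical paths is what stops the `up` link from exposing the parent and the `loop` link from recursing.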

robmilne

Just checking in after a holiday break. WebFM isn't designed to operate on ".." paths - end of story. I will not allow this module to monkey with the files of other modules - unless of course other modules choose to place their files inside the WebFM space.

robmilne

Status: Active » Closed (won't fix)