From fac3df20256f08c6f41b09ceb64e765f9af80d77 Mon Sep 17 00:00:00 2001
From: Gofannon
Date: Tue, 25 Aug 2020 23:31:12 +0200
Subject: [PATCH] [enh] purge of old upgrade files
---
 scripts/_common.sh | 95 ++++++++++++++++++++++++++++++++++++++++++++++
 scripts/upgrade | 36 +++++++++++++++++-
 2 files changed, 130 insertions(+), 1 deletion(-)
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 91adcdb..0d62977 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -12,6 +12,101 @@ # EXPERIMENTAL HELPERS
 #=================================================
+# Remove a file or a directory securely
+#
+# usage: ynh_secure_remove --file=path_to_remove [--regex=regex to append to $file] [--non_recursive] [--dry_run]
+# | arg: -f, --file - File or directory to remove
+# | arg: -r, --regex - Regex to append to $file to filter the files to remove
+# | arg: -n, --non_recursive - Perform a non recursive rm and a non recursive search with the regex
+# | arg: -d, --dry_run - Do not remove, only list the files to remove
+#
+# Requires YunoHost version 2.6.4 or higher.
+ynh_secure_remove () {
+ # Declare an array to define the options of this helper.
+ local legacy_args=frnd
+ declare -Ar args_array=( [f]=file= [r]=regex= [n]=non_recursive [d]=dry_run )
+ local file
+ local regex
+ local dry_run
+ local non_recursive
+ # Manage arguments with getopts
+ ynh_handle_getopts_args "$@"
+ regex=${regex:-}
+ dry_run=${dry_run:-0}
+ non_recursive=${non_recursive:-0}
+
+ local forbidden_path="
+/var/www \
+/home/yunohost.app"
+
+ # Fail if no argument is provided to the helper.
+ if [ -z "$file" ]
+ then
+ ynh_print_warn --message="ynh_secure_remove called with no argument --file, ignoring."
+ return 0
+ fi
+
+ if [ -n "$regex" ]
+ then
+ if [ -e "$file" ]
+ then
+ if [ $non_recursive -eq 1 ]; then
+ local recursive="-maxdepth 1"
+ else
+ local recursive=""
+ fi
+ # Use find to list the files in $file and grep to filter with the regex
+ files_to_remove="$(find -P "$file" $recursive -name ".." -prune -o -print | grep --extended-regexp "$regex")"
+ else
+ ynh_print_info --message="'$file' wasn't deleted because it doesn't exist."
+ return 0
+ fi
+ else
+ files_to_remove="$file"
+ fi
+
+ # Check each file before removing it
+ while read file_to_remove
+ do
+ if [ -n "$file_to_remove" ]
+ then
+ # Check all forbidden path before removing anything
+ # First match all paths or subpaths in $forbidden_path
+ if [[ "$forbidden_path" =~ "$file_to_remove" ]] || \
+ # Match all first level paths from / (Like /var, /root, etc...)
+ [[ "$file_to_remove" =~ ^/[[:alnum:]]+$ ]] || \
+ # Match if the path finishes by /. Because it seems there is an empty variable
+ [ "${file_to_remove:${#file_to_remove}-1}" = "/" ]
+ then
+ ynh_print_err --message="Not deleting '$file_to_remove' because this path is forbidden !!!"
+
+ # If the file to remove exists
+ elif [ -e "$file_to_remove" ]
+ then
+ if [ $dry_run -eq 1 ]
+ then
+ ynh_print_warn --message="File to remove: $file_to_remove"
+ else
+ if [ $non_recursive -eq 1 ]; then
+ local recursive=""
+ else
+ local recursive="--recursive"
+ fi
+
+ # Remove a file or a directory
+ rm --force $recursive "$file_to_remove"
+ fi
+ else
+ # Ignore non existent files with regex, as we likely remove the parent directory before its content is listed.
+ if [ -z "$regex" ]
+ then
+ ynh_print_info --message="'$file_to_remove' wasn't deleted because it doesn't exist."
+ fi
+ fi
+ fi
+ done <<< "$(echo "$files_to_remove")"
+}
+
 #=================================================
 # FUTURE OFFICIAL HELPERS
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index e2a7375..88f5813 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
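Review bot: The forbidden-path tests in `ynh_secure_remove` run on the raw string, so a relative path or one containing `.`/`..` segments or doubled slashes is caught neither by the `^/[[:alnum:]]+$` test nor by the trailing-slash test, and `[[ "$forbidden_path" =~ "$file_to_remove" ]]` only asks whether the candidate is a literal substring of the list (the quoted right-hand side is not a pattern), which is not the subpath match the comment describes. Normalising before the checks, for example `file_to_remove="$(realpath --no-symlinks --canonicalize-missing -- "$file_to_remove")"`, would make all three tests see the path that `rm` will act on. The removal itself should read `rm --force $recursive -- "$file_to_remove"` so a name beginning with `-` is not parsed as an option. `files_to_remove` and `file_to_remove` are never declared `local`, and `while read file_to_remove` lacks `IFS=` and `-r`, so backslashes and surrounding whitespace in names coming from `find` are altered before they are checked.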
@@ -236,7 +236,41 @@ then
 # Move to the dokuwiki installation folder so the "official" commands can be used without adaptation
 cd $final_path
- grep --extended-regexp --invert-match '^($|#)' data/deleted.files | xargs --max-args=1 rm --force --dir || true
+ while IFS= read -r line; do
+
+ # Added this test to reduce the spam printed by helper to the user in the webadmin.
+ # Should be less 'scary' to them I think
+ #
+ # number of messages = number of lines *2 (673 lines while writing this)
+ ### grep --extended-regexp --invert-match '^($|#)' data/deleted.files | wc -l
+ ### 673
+ #
+ # Spam sample:
+ #Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
+ #Info : 'inc/parser/spamcheck.php' wasn't deleted because it doesn't exist.
+ #Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
+ #Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
+ #Info : 'lib/images/favicon.ico' wasn't deleted because it doesn't exist.
+ #Info : 'lib/images/thumbup.gif' wasn't deleted because it doesn't exist.
+ #Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
+ #Info : 'lib/images/toolbar/code.png' wasn't deleted because it doesn't exist.
+ #Attention : /!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time.
+ #Info : 'lib/images/toolbar/empty.png' wasn't deleted because it doesn't exist.
+ if [ -f "$line" ]; then
+ ynh_secure_remove --file "$line"
+ fi
+ done < <(grep --null --extended-regexp --invert-match '^($|#)' "$final_path/data/deleted.files" | xargs --null --max-args=1 || true)
+ # ^ ^ First < is redirection, second is process substitution.
+ # Source: https://tldp.org/LDP/abs/html/process-sub.html
+
+ # Previous attemps if someone reads this one day
+ ###grep --extended-regexp --invert-match '^($|#)' data/deleted.files | xargs --max-args=1 rm --verbose --force --dir 2>&1 || true
+ ###grep --extended-regexp --invert-match '^($|#)' data/deleted.files | xargs --max-args=1 ynh_secure_remove --file 2>&1
+
+ ###grep --null --extended-regexp --invert-match '^($|#)' data/deleted.files > toto.list
+ ###xargs --null --verbose --max-args=1 --arg-file=toto.list ynh_secure_remove 2>&1
+
+
 )
 fi
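Review bot: Each line of `data/deleted.files` reaches `ynh_secure_remove --file "$line"` as a path relative to the current directory, with nothing confining it to `$final_path`; an absolute entry or one with `..` segments would be removed wherever it resolves, and if the unquoted `cd $final_path` above fails the relative entries apply to whatever directory the script was already in. Skipping such entries and anchoring the rest, `case "$line" in /*|../*|*/../*|*/..) continue ;; esac` followed by `[ -f "$final_path/$line" ]` and `ynh_secure_remove --file "$final_path/$line"`, keeps the purge inside the install directory. `[ -f "$line" ]` also skips directories, which the replaced `rm --force --dir` removed when empty, so any directory entries in the list would now be left behind (the list is not shown here). `grep --null` only NUL-terminates file names, so `xargs --null` receives the whole list as a single argument and `|| true` would hide a failure at that step; reading directly from `grep` in the process substitution avoids both. The enclosing subshell and `if` start outside the hunk.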