From 47ce6d9e33eea2d1ce02b40f31b697384f9b036a Mon Sep 17 00:00:00 2001
From: Maniack Crudelis
Date: Sun, 30 Apr 2017 22:37:52 +0200
Subject: [PATCH] New helper ynh_secure_remove (#281)
* New helper ynh_secure_remove A secure way to remove a file or directory. Prevent to knew issues. Tested with this paths:
- / -> Not removed
- /var -> Not removed
- /var/www -> Not removed
- /var/www/file -> Removed
- /opt -> Not removed
- /opt/file -> Removed
- /home/yunohost.app -> Not removed
- /home -> Not removed
- /home/ -> Not removed
- // -> Not removed
- /etc/cron.d/ -> Not removed
- /etc -> Not removed
- /etc/ -> Not removed
- /etc/X11 -> Removed
- /etc/X11/$var -> Removed (if $var is not empty)
* JimboJoe's typo fix
---
 data/helpers.d/filesystem | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/data/helpers.d/filesystem b/data/helpers.d/filesystem
index bce58b5cf..0d13c4825 100644
--- a/data/helpers.d/filesystem
+++ b/data/helpers.d/filesystem
@@ -80,3 +80,31 @@ properly with chmod/chown." >&2
 chmod 755 $TMP_DIR
 echo $TMP_DIR
 }
+
+# Remove a file or a directory securely
+#
+# usage: ynh_secure_remove path_to_remove
+# | arg: path_to_remove - File or directory to remove
+ynh_secure_remove () {
+ path_to_remove=$1
+ forbidden_path=" \
+ /var/www \
+ /home/yunohost.app"
+
+ if [[ "$forbidden_path" =~ "$path_to_remove" \
+ # Match all paths or subpaths in $forbidden_path
+ || "$path_to_remove" =~ ^/[[:alnum:]]+$ \
+ # Match all first level paths from / (Like /var, /root, etc...)
+ || "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
+ # Match if the path finishes by /. Because it seems there is an empty variable
+ then
+ echo "Avoid deleting $path_to_remove." >&2
+ else
+ if [ -e "$path_to_remove" ]
+ then
+ sudo rm -R "$path_to_remove"
+ else
+ echo "$path_to_remove wasn't deleted because it doesn't exist." >&2
+ fi
+ fi
+}
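Review bot: All three guards in `ynh_secure_remove` compare the raw argument string, so a protected directory written with a doubled slash, a `.` or `..` component, or a first-level name containing a character outside `[[:alnum:]]` still reaches `sudo rm -R`. The first test is also a substring match that does not do what its comment says: it is true when the argument is a fragment of the list, not when it is a listed path or something beneath one. I would normalise the path before the list and first-level comparisons while keeping the trailing-slash test on the raw argument, since that test is what catches an empty variable, and pass `--` to `rm` so a name beginning with `-` is not read as an option. `path_to_remove` and `forbidden_path` should be `local`; as written they become globals in every script that sources the helper. The sketch below assumes GNU `realpath` is available on the target.

```shell
ynh_secure_remove () {
    local path_to_remove=$1
    local forbidden_path="/var/www /home/yunohost.app"
    # Normalised spelling for the comparisons; the raw argument is kept for
    # the trailing-slash test, which is what catches an empty variable.
    local canonical_path
    canonical_path=$(realpath -ms -- "$path_to_remove" 2>/dev/null) || canonical_path=""

    if [[ -z "$canonical_path" \
        || " $forbidden_path " == *" $canonical_path "* \
        || "$canonical_path" =~ ^/[^/]*$ \
        || "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
    then
        # … unchanged: refusal message …
    else
        # … unchanged: existence test and its else branch …
            sudo rm -R -- "$path_to_remove"
```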