diff --git a/app/Http/Controllers/Admin/MountController.php b/app/Http/Controllers/Admin/MountController.php
index 3f40e555c..79c729976 100644
--- a/app/Http/Controllers/Admin/MountController.php
+++ b/app/Http/Controllers/Admin/MountController.php
@@ -3,6 +3,7 @@
 namespace Pterodactyl\Http\Controllers\Admin;
 use Ramsey\Uuid\Uuid;
+use Illuminate\Support\Str;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\Nest;
 use Pterodactyl\Models\Mount;
@@ -101,7 +102,6 @@ class MountController extends Controller
 */
 public function create(MountFormRequest $request)
 {
- /** @var \Pterodactyl\Models\Mount $mount */
 $model = (new Mount())->fill($request->validated());
 $model->forceFill(['uuid' => Uuid::uuid4()->toString()]);
diff --git a/app/Models/Mount.php b/app/Models/Mount.php
index b69c0c78d..ee9879b19 100644
--- a/app/Models/Mount.php
+++ b/app/Models/Mount.php
@@ -2,6 +2,8 @@
 namespace Pterodactyl\Models;
+use Illuminate\Validation\Rules\NotIn;
+
 /**
 * @property int $id
 * @property string $uuid
@@ -63,6 +65,20 @@ class Mount extends Model
 'user_mountable' => 'sometimes|boolean',
 ];
+ /**
+ * Implement language verification by overriding Eloquence's gather
+ * rules function.
+ */
+ public static function getRules()
+ {
+ $rules = parent::getRules();
+
+ $rules['source'][] = new NotIn(Mount::$invalidSourcePaths);
+ $rules['target'][] = new NotIn(Mount::$invalidTargetPaths);
+
+ return $rules;
+ }
+
 /**
 * Disable timestamps on this model.
 *
@@ -70,6 +86,26 @@ class Mount extends Model
 */
 public $timestamps = false;
+ /**
+ * Blacklisted source paths
+ *
+ * @var string[]
+ */
+ public static $invalidSourcePaths = [
+ '/etc/pterodactyl',
+ '/var/lib/pterodactyl/volumes',
+ '/srv/daemon-data',
+ ];
+
+ /**
+ * Blacklisted target paths
+ *
+ * @var string[]
+ */
+ public static $invalidTargetPaths = [
+ '/home/container',
+ ];
+
 /**
 * Returns all eggs that have this mount assigned.
 *
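Review bot: The added `use Illuminate\Support\Str;` in MountController.php is not referenced by any changed line in that file; the only other hunk there removes a docblock in `create()`. Unless the controller already calls `Str::` somewhere outside the diff, the import is unused and should be dropped.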
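Review bot: `new NotIn(...)` in `Mount::getRules()` is an exact string comparison, so the added rules reject only the literal entries of `$invalidSourcePaths` and `$invalidTargetPaths`; the same directory written with a trailing slash, a path beneath it, or a parent directory that contains it still validates. For a denylist guarding the daemon's config and volume directories, the comparison should run on a normalised path and match by prefix in both directions, as sketched below. The sketch assumes the validator behind the model accepts closure rules, and because the panel cannot resolve symlinks on the node, the daemon presumably needs its own check as well. The docblock also describes "language verification", which does not match what the method does; `Extend the base rules with the denied source and target paths.` would fit.

```php
public static function getRules()
{
    $rules = parent::getRules();

    // Compare normalised paths; a denied directory, its children and its ancestors all count as a match.
    $denyPaths = static function (array $denied) {
        return static function ($attribute, $value, $fail) use ($denied) {
            $path = rtrim(preg_replace('#/+#', '/', (string) $value), '/');
            if (preg_match('#(^|/)\.\.?(/|$)#', $path)) {
                return $fail("The {$attribute} may not contain relative path segments.");
            }
            foreach ($denied as $root) {
                if (strpos($path . '/', $root . '/') === 0 || strpos($root . '/', $path . '/') === 0) {
                    return $fail("The {$attribute} may not overlap {$root}.");
                }
            }
        };
    };

    $rules['source'][] = $denyPaths(Mount::$invalidSourcePaths);
    $rules['target'][] = $denyPaths(Mount::$invalidTargetPaths);

    return $rules;
}
```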
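Review bot: `$invalidSourcePaths` and `$invalidTargetPaths` in Mount.php are declared `public static`, so any code in the panel can reassign or extend the denylist at runtime; a security-relevant list is better kept immutable. Class constants would do, e.g. `public const INVALID_SOURCE_PATHS = [...]`, with the two references in `getRules()` updated to match. The entries look like default install locations; if a node can be configured with a different data directory these literals would not cover it, which is worth stating in the two docblocks.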