From 1ed4b9e7eca2a0c371582a454c232c744cd5f1f2 Mon Sep 17 00:00:00 2001
From: Thomas Hochstein <thh@inter.net>
Date: Fri, 20 Mar 2020 17:50:00 +0100
Subject: [PATCH] Prevent renaming ML object into existing file.

When renaming objects in the Media Library,
s9y didn't check if a file with the same
name already exists, resulting in a file
name collision deleting both files from
the database _and_ from disk.

Add a check to avoid that.

An error message would be nice, too, but
that may be added later on.

Tested on s9y-stable test instance.

Signed-off-by: Thomas Hochstein <thh@inter.net>
---
 docs/NEWS                        | 3 +++
 include/functions_images.inc.php | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/docs/NEWS b/docs/NEWS
index 6ef70a3a..038c8466 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -1,6 +1,9 @@
 Version 2.4-alpha1 ()
 ------------------------------------------------------------------------
 
+   * Fix: Prevent renaming a ML object into an existing file,
+          resulting in deletion of both from disk and database.
+
    * Fix invalid HTTP referrer error when trying to delete a
      trackback from the frontend
 
diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php
index fc2c5963..32d555ba 100644
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@@ -2260,6 +2260,10 @@ function serendipity_renameFile($id, $newName, $path = null) {
     $imgBase = $serendipity['serendipityPath'] . $serendipity['uploadPath'];
     
     $newPath = "{$imgBase}{$path}{$newName}.{$file['extension']}";
+
+    if (file_exists($newPath)) {
+        return false;
+    }
     
     rename("{$imgBase}{$file['path']}{$file['realname']}", $newPath);