Replaced rm_rf() by rm_tree().

Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

web/html/pkgsubmit.php

@@ -216,7 +216,7 @@ if ($_COOKIE["AURSID"]):
 			if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
 				if (file_exists($incoming_pkgdir)) {
 					# Blow away the existing file/dir and contents
-					rm_rf($incoming_pkgdir);
+					rm_tree($incoming_pkgdir);
 				}
 
 				if (!@mkdir($incoming_pkgdir)) {

web/lib/aur.inc

@@ -348,11 +348,23 @@ function can_submit_pkg($name="", $sid="") {
 
 # recursive delete directory
 #
-function rm_rf($dirname="") {
-	if ($dirname != "") {
-		exec('rm -rf ' . escapeshellcmd($dirname));
+function rm_tree($dirname) {
+	if (empty($dirname) || !is_dir($dirname)) return;
+
+	foreach (scandir($dirname) as $item) {
+		if ($item != '.' && $item != '..') {
+			$path = $dirname . '/' . $item;
+			if (is_file($path) || is_link($path)) {
+				unlink($path);
+			}
+			else {
+				rm_tree($path);
+			}
+		}
 	}
 
+	rmdir($dirname);
+
 	return;
 }