Add auto-cleanup of old temp extractions (>1 hour)

Security: Also added nginx rule on dev server to block CFM/PHP execution in /temp/menu-import/ directory. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-13 07:40:10 -08:00 · 2026-02-13 07:40:10 -08:00 · ddaac523bf
commit ddaac523bf
parent 093a3b8bce
1 changed files with 15 additions and 0 deletions
--- a/api/setup/uploadSavedPage.cfm
+++ b/api/setup/uploadSavedPage.cfm
@ -17,6 +17,21 @@
        <cfdirectory action="create" directory="#tempBaseDir#" mode="755">
    </cfif>

+    <!--- Cleanup: delete folders older than 1 hour --->
+    <cftry>
+        <cfdirectory action="list" directory="#tempBaseDir#" name="oldFolders" type="dir">
+        <cfset oneHourAgo = dateAdd("h", -1, now())>
+        <cfloop query="oldFolders">
+            <cfif oldFolders.dateLastModified LT oneHourAgo AND oldFolders.name NEQ "." AND oldFolders.name NEQ "..">
+                <cftry>
+                    <cfdirectory action="delete" directory="#tempBaseDir#/#oldFolders.name#" recurse="true">
+                <cfcatch></cfcatch>
+                </cftry>
+            </cfif>
+        </cfloop>
+    <cfcatch></cfcatch>
+    </cftry>
+
    <!--- Check if ZIP file was uploaded --->
    <cfif NOT structKeyExists(form, "zipFile") OR form.zipFile EQ "">
        <cfset response["MESSAGE"] = "No ZIP file uploaded">