From caa4142aa7979949ae1e3e2c1161897a8910e955 Mon Sep 17 00:00:00 2001
From: Surillya
Date: Fri, 20 Jun 2025 05:59:01 +0200
Subject: [PATCH] Prevent deletion of system files
---
 api/delete.php | 5 +++++
 api/rename.php | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/api/delete.php b/api/delete.php
index 9aa6cca..9e40b26 100644
--- a/api/delete.php
+++ b/api/delete.php
@@ -5,6 +5,11 @@ require_once __DIR__ . '/../vfs.php';
 $data = json_decode(file_get_contents('php://input'), true);
 $pathV = $data['path'] ?? '';
+if (strpos($pathV, '/.apps') === 0 || $pathV === '/.thos_state.json') {
+ echo json_encode(['success'=>false, 'error'=>'Cannot delete system files']);
+ exit;
+}
+
 $real = resolve_path($pathV);
 if (!file_exists($real)) {
 echo json_encode(['success'=>false,'error'=>'Not found']);
diff --git a/api/rename.php b/api/rename.php
index dbab108..c0f7c87 100644
--- a/api/rename.php
+++ b/api/rename.php
@@ -6,6 +6,11 @@ $data = json_decode(file_get_contents('php://input'), true);
 $oldV = $data['old'] ?? '';
 $newName = $data['new'] ?? '';
+if (strpos($oldV, '/.apps') === 0 || $oldV === '/.thos_state.json') {
+ echo json_encode(['success'=>false, 'error'=>'Cannot rename system files']);
+ exit;
+}
+
 $oldReal = resolve_path($oldV);
 $newReal = dirname($oldReal) . '/' . basename($newName);
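Review bot: The new guard in api/delete.php compares the raw request string `$pathV` before `resolve_path()` runs, so it covers only the literal spellings `/.apps…` and `/.thos_state.json`; any non-canonical spelling that `resolve_path()` maps to the same files would pass (its normalisation is not visible in this hunk), and the identical check on `$oldV` in api/rename.php has the same gap. The prefix test also has no directory boundary, so an unrelated name such as `/.apps_backup` is refused as well. I would run the test on the resolved path, placed after `$real = resolve_path($pathV);`, e.g. `$apps = resolve_path('/.apps');` followed by `if ($real === $apps || strpos($real, $apps . '/') === 0 || $real === resolve_path('/.thos_state.json'))`, and keep it in one helper in vfs.php so both endpoints share a single rule. A non-string `path` value in the JSON body currently reaches `strpos()`; an `is_string($pathV)` check ahead of the guard would reject it with a normal error response.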
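Review bot: In api/rename.php only the source `$oldV` is checked; the destination built on the last visible line, `$newReal = dirname($oldReal) . '/' . basename($newName);`, is never tested, so a rename of an ordinary top-level entry can still be given the name `.apps` or `.thos_state.json`. Whether that would replace the existing system file depends on the rename call and any existence check, which lie outside this hunk. The same protected-path test should be applied to `$newReal` before the rename is performed, e.g. `if (is_protected_path($oldReal) || is_protected_path($newReal)) { … }`, where `is_protected_path` is a placeholder name for a shared helper working on resolved paths.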