Validating $INSTDIR before uninstall: Difference between revisions
Line 2: | Line 2: | ||
== Description == | == Description == | ||
The install directory (''$INSTDIR'') is saved in the registry after a successful install and then fetched again in the uninstaller. If not fetched from the registry manually (via a ReadRegStr) then it is set to $EXEDIR (the location of the uninstaller executable). This can be problematic, especially if a lazy NSIS script writer uses ''RMDir /r "$INSTDIR | The install directory (''$INSTDIR'') is saved in the registry after a successful install and then fetched again in the uninstaller. If not fetched from the registry manually (via a ReadRegStr) then it is set to $EXEDIR (the location of the uninstaller executable). This can be problematic, especially if a lazy NSIS script writer uses ''RMDir /r "$INSTDIR"''. | ||
What if ''$INSTDIR'' is empty because the registry key is missing? '''"$INSTDIR | What if ''$INSTDIR'' is empty because the registry key is missing? '''"$INSTDIR"''' will become '''""''' which means that everything from the system root could be deleted '''INCLUDING THE OPERATING SYSTEM'''. This would also happen if the user ran the uninstaller from C:\ and if that uninstaller did not set $INSTDIR to anything. | ||
Also, what if the user has installed to his desktop, or perhaps to My Documents. Need I say more? | Also, what if the user has installed to his desktop, or perhaps to My Documents. Need I say more? | ||
Revision as of 21:47, 10 July 2007
Author: Afrow UK (talk, contrib) |
Description
The install directory ($INSTDIR) is saved in the registry after a successful install and then fetched again in the uninstaller. If not fetched from the registry manually (via a ReadRegStr) then it is set to $EXEDIR (the location of the uninstaller executable). This can be problematic, especially if a lazy NSIS script writer uses RMDir /r "$INSTDIR".
What if $INSTDIR is empty because the registry key is missing? "$INSTDIR" will become "" which means that everything from the system root could be deleted INCLUDING THE OPERATING SYSTEM. This would also happen if the user ran the uninstaller from C:\ and if that uninstaller did not set $INSTDIR to anything. Also, what if the user has installed to his desktop, or perhaps to My Documents. Need I say more?
So, what can we do about this? There is only so much validation that we can do on $INSTDIR, but some is better than none at all!
The Code
ClearErrors ReadRegStr $INSTDIR HKLM "Software\MyApp" "" IfErrors +2 StrCmp $INSTDIR "" 0 +3 MessageBox MB_OK|MB_ICONSTOP "Install path missing!" Abort # Does path end with "\MyApp"? Change -6 accordingly. StrCpy $R0 $INSTDIR "" -6 StrCmp $R0 "\MyApp" +3 MessageBox MB_YESNO|MB_ICONQUESTION "..." IDYES +2 Abort IfFileExists "$INSTDIR\*.*" +4 IfFileExists "$INSTDIR\MyApp.exe" +3 MessageBox MB_OK|MB_ICONSTOP "Install path invalid!" Abort
Reflection
There are some bits to change here, such as the part that checks if the path ends with "\MyApp". Obviously, if it does not, then your user may be uninstalling from somewhere else and in which case it will prompt the user with a Yes/No message box.
Another check at the end is for MyApp.exe. If that file does not exist then the uninstall path could possibly be bad.
Stu