From efa741187507b388476da9d9a8694c3602479e7c Mon Sep 17 00:00:00 2001 From: rvelices Date: Thu, 4 Sep 2008 01:28:34 +0000 Subject: - bug 854: better checks of directory creations ( local_data_dir, templates_c, tmp etc...) git-svn-id: http://piwigo.org/svn/trunk@2497 68402e56-0260-453c-a942-63ccdbb3a9ee --- feed.php | 2 +- include/functions.inc.php | 68 +++++++++++++++++++++++++++++++-------- include/functions_mail.inc.php | 30 +++++++++-------- include/template.class.php | 23 ++----------- plugins/event_tracer/main.inc.php | 4 +-- 5 files changed, 76 insertions(+), 51 deletions(-) diff --git a/feed.php b/feed.php index 3c435cff1..5de955975 100644 --- a/feed.php +++ b/feed.php @@ -195,7 +195,7 @@ foreach($dates as $date_detail) } $fileName= $conf['local_data_dir'].'/tmp'; -@mkdir($fileName); // just in case +mkgetdir($fileName); // just in case $fileName.='/feed.xml'; // send XML feed echo $rss->saveFeed('RSS2.0', $fileName, true); diff --git a/include/functions.inc.php b/include/functions.inc.php index bc16d6940..2acf287e9 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -185,7 +185,7 @@ function get_filename_wo_extension( $filename ) } /** - * returns an array contening sub-directories, excluding "CVS" + * returns an array contening sub-directories, excluding ".svn" * * @param string $dir * @return array @@ -193,7 +193,6 @@ function get_filename_wo_extension( $filename ) function get_dirs($directory) { $sub_dirs = array(); - if ($opendir = opendir($directory)) { while ($file = readdir($opendir)) 
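Review bot: The retained `// just in case` comment no longer describes the call: mkgetdir() is invoked with its default flags, which include MKGETDIR_DIE_ON_ERROR, so a failure to create or write `$conf['local_data_dir'].'/tmp'` now terminates the feed request through trigger_error(E_USER_ERROR) instead of being tolerated as the old `@mkdir` was. Either drop the comment or make the new behaviour explicit, e.g. `mkgetdir($fileName); // fatal (E_USER_ERROR) if tmp cannot be created or is not writable`. The enclosing code begins outside the hunk.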
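Review bot: The docblock line touched here still carries the typo `contening`; while the line is being edited it should read `* returns an array containing sub-directories, excluding ".svn"`. Since get_dirs() only collects entry names, `@return array` could also say `list of sub-directory names (not paths)` so callers know they must prefix `$directory` themselves. The function body continues in the next hunk.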
@@ -201,16 +200,63 @@ function get_dirs($directory) if ($file != '.' and $file != '..' and is_dir($directory.'/'.$file) - and $file != 'CVS' - and $file != '.svn') + and $file != '.svn') { array_push($sub_dirs, $file); } } + closedir($opendir); } return $sub_dirs; } +define('MKGETDIR_NONE', 0); +define('MKGETDIR_RECURSIVE', 1); +define('MKGETDIR_DIE_ON_ERROR', 2); +define('MKGETDIR_PROTECT_INDEX', 4); +define('MKGETDIR_PROTECT_HTACCESS', 8); +define('MKGETDIR_DEFAULT', 7); +/** + * creates directory if not exists; ensures that directory is writable + * @param: + * string $dir + * int $flags combination of MKGETDIR_xxx + * @return bool false on error else true + */ +function mkgetdir($dir, $flags=MKGETDIR_DEFAULT) +{ + if ( !is_dir($dir) ) + { + $umask = umask(0); + $mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false ); + umask($umask); + if ($mkd==false) + { + !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR); + return false; + } + if( $flags&MKGETDIR_PROTECT_HTACCESS ) + { + $file = $dir.'/.htaccess'; + file_exists($file) or @file_put_contents( $file, 'deny from all' ); + } + if( $flags&MKGETDIR_PROTECT_INDEX ) + { + $file = $dir.'/index.htm'; + file_exists($file) or @file_put_contents( $file, 'Not allowed!' ); + } + } + if ( !is_writable($dir) ) + { + if ( !is_writable($dir) ) + { + !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR); + return false; + } + } + return true; +} + /** * returns thumbnail directory name of input diretoty name * make thumbnail directory is necessary 
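Review bot: The `.htaccess` and `index.htm` protection files are written only inside the `!is_dir($dir)` branch, so a directory that already exists (for example one created by the previous `mkdir(..., 0777)` code in template.class.php) never receives them, and because both `file_put_contents` calls are `@`-suppressed with the result discarded, mkgetdir() returns true even when a requested protection was not applied. The nested `if ( !is_writable($dir) )` is duplicated verbatim and one level suffices. `define('MKGETDIR_DEFAULT', 7)` would read better as `MKGETDIR_RECURSIVE|MKGETDIR_DIE_ON_ERROR|MKGETDIR_PROTECT_INDEX`, which also makes visible that the default does not include the `.htaccess` protection. The trigger_error message embeds the full `$dir` filesystem path, which reaches the response whenever display_errors is on; the l10n text alone, or a log entry, would avoid that. Below, the protection step is moved after the writability check so it runs on every call and reports a failed write.
```php
function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
{
  if ( !is_dir($dir) )
  {
    // … unchanged: umask / @mkdir / mkdir-failure handling (protection blocks removed from here) …
  }
  if ( !is_writable($dir) )
  {
    !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR);
    return false;
  }
  // applied on every call, not only when the directory is first created,
  // and a failed write is reported instead of being swallowed
  $protect = array();
  if ( $flags&MKGETDIR_PROTECT_HTACCESS ) $protect['.htaccess'] = 'deny from all';
  if ( $flags&MKGETDIR_PROTECT_INDEX )    $protect['index.htm'] = 'Not allowed!';
  foreach ($protect as $name => $content)
  {
    $file = $dir.'/'.$name;
    if ( !file_exists($file) and false===@file_put_contents($file, $content) )
    {
      !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$file ".l10n('no_write_access'), E_USER_ERROR);
      return false;
    }
  }
  return true;
}
```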
@@ -224,18 +270,12 @@ function get_dirs($directory) function mkget_thumbnail_dir($dirname, &$errors) { $tndir = $dirname.'/thumbnail'; - if (!is_dir($tndir)) + if (! mkgetdir($tn_dir, MKGETDIR_NONE) ) { - if (!is_writable($dirname)) - { - array_push($errors, - '['.$dirname.'] : '.l10n('no_write_access')); - return false; - } - umask(0000); - mkdir($tndir, 0777); + array_push($errors, + '['.$dirname.'] : '.l10n('no_write_access')); + return false; } - return $tndir; } diff --git a/include/functions_mail.inc.php b/include/functions_mail.inc.php index d965fc8c5..160ac1bfb 100644 --- a/include/functions_mail.inc.php +++ b/include/functions_mail.inc.php @@ -795,22 +795,24 @@ function pwg_send_mail($result, $to, $subject, $content, $headers) { global $conf, $user, $lang_info; $dir = $conf['local_data_dir'].'/tmp'; - @mkdir( $dir ); - $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; - if ($args['content_format'] == 'text/plain') + if ( mkgetdir( $dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) ) { - $filename .= '.txt'; - } - else - { - $filename .= '.html'; + $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; + if ($args['content_format'] == 'text/plain') + { + $filename .= '.txt'; + } + else + { + $filename .= '.html'; + } + $file = fopen($filename, 'w+'); + fwrite($file, $to ."\n"); + fwrite($file, $subject ."\n"); + fwrite($file, $headers); + fwrite($file, $content); + fclose($file); } - $file = fopen($filename, 'w+'); - fwrite($file, $to ."\n"); - fwrite($file, $subject ."\n"); - fwrite($file, $headers); - fwrite($file, $content); - fclose($file); return $result; } add_event_handler('send_mail', 'pwg_send_mail_test', EVENT_HANDLER_PRIORITY_NEUTRAL+10, 6);*/ diff --git a/include/template.class.php b/include/template.class.php index c2dc8cc07..dfe1562a3 100644 --- a/include/template.class.php +++ b/include/template.class.php 
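Review bot: The new condition passes `$tn_dir`, but the variable assigned two lines above is `$tndir`, so mkgetdir() receives an undefined (null) path, is_dir()/mkdir() fail on it, and mkget_thumbnail_dir() pushes no_write_access and returns false for every caller, even when the thumbnail directory already exists. The fix is `if (! mkgetdir($tndir, MKGETDIR_NONE) )`. Note also that the directory is now created with mode 0755 where the old code used umask(0000) plus 0777; that is a tightening worth a line in the commit message so installations that relied on the old mode are not surprised.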
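Review bot: `fopen($filename, 'w+')` on the new side is still unchecked, so when `$dir` is writable but the file itself cannot be opened the fwrite() calls operate on false; test the handle before writing, e.g. `if ( false !== ($file = fopen($filename, 'w+')) ) { ... }`. The filename embeds `$user['username']`, `$args['template']` and `$args['theme']` verbatim; passing each through basename() (or restricting them to `[A-Za-z0-9_-]`) keeps the written file inside `$dir` regardless of what those values contain. `$args` is not among the parameters of pwg_send_mail() in the visible signature, and the `*/` closing the add_event_handler() line suggests this test handler sits inside a block comment, so the code may be dead as committed — worth confirming before relying on it.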
@@ -53,25 +53,8 @@ class Template { $this->smarty = new Smarty; $this->smarty->debugging = $conf['debug_template']; - if ( isset($conf['compiled_template_dir'] ) ) - { - $compile_dir = $conf['compiled_template_dir']; - } - else - { - $compile_dir = $conf['local_data_dir']; - if ( !is_dir($compile_dir) ) - { - mkdir( $compile_dir, 0777); - file_put_contents($compile_dir.'/index.htm', ''); - } - $compile_dir .= '/templates_c'; - } - if ( !is_dir($compile_dir) ) - { - mkdir( $compile_dir, 0777 ); - file_put_contents($compile_dir.'/index.htm', ''); - } + $compile_dir = $conf['local_data_dir'].'/templates_c'; + mkgetdir( $compile_dir ); $this->smarty->compile_dir = $compile_dir; @@ -123,7 +106,7 @@ class Template { $this->smarty->compile_id = null; $this->smarty->clear_compiled_tpl(); $this->smarty->compile_id = $save_compile_id; - file_put_contents($this->smarty->compile_dir.'/index.htm', ''); + file_put_contents($this->smarty->compile_dir.'/index.htm', 'Not allowed!'); } function get_themeconf($val) diff --git a/plugins/event_tracer/main.inc.php b/plugins/event_tracer/main.inc.php index dcf282146..21f9ef011 100644 --- a/plugins/event_tracer/main.inc.php +++ b/plugins/event_tracer/main.inc.php @@ -36,7 +36,7 @@ class EventTracer { var $me_working; var $my_config; - + function EventTracer() { $this->me_working=0; @@ -74,7 +74,7 @@ class EventTracer function save_config() { $dir = $this->get_config_file_dir(); - @mkdir($dir); + @mkgetdir($dir); $file = fopen( $dir.$this->get_config_file_name(), 'w' ); fwrite($file, serialize($this->my_config) ); fclose( $file ); -- cgit v1.2.3
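Review bot: The rewrite drops support for `$conf['compiled_template_dir']`: the removed branch honoured it, while the new code always uses `$conf['local_data_dir'].'/templates_c'`, so an installation that set that option silently starts compiling into a different directory. If the option is meant to go away it should be removed from the configuration and its documentation; otherwise keep `$compile_dir = isset($conf['compiled_template_dir']) ? $conf['compiled_template_dir'] : $conf['local_data_dir'].'/templates_c';`. The call also relies on MKGETDIR_DEFAULT, which writes index.htm but not `.htaccess`; since templates_c holds compiled PHP, `mkgetdir( $compile_dir, MKGETDIR_DEFAULT|MKGETDIR_PROTECT_HTACCESS );` would keep those files from being fetched directly if local_data_dir lives inside the web root. The constructor continues outside the hunk.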
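Review bot: `@mkgetdir($dir)` combines the `@` operator with MKGETDIR_DEFAULT, which includes MKGETDIR_DIE_ON_ERROR: on failure trigger_error(E_USER_ERROR) still halts the script, but `@` suppresses the message, so the plugin would die without any indication why. Prefer a non-fatal call whose result is checked, `if (!mkgetdir($dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR)) return;`, and test the following fopen() result before fwrite(). The path is built as `$dir.$this->get_config_file_name()` with no separator, so get_config_file_dir() presumably returns a trailing slash — a short comment stating that contract would prevent a future regression. save_config() ends outside the hunk.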