diff options
author | rvelices <rv-github@modusoptimus.com> | 2008-09-04 01:28:34 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2008-09-04 01:28:34 +0000 |
commit | efa741187507b388476da9d9a8694c3602479e7c (patch) | |
tree | 01242504f325d8c97cb77afeca8f193ca288d147 | |
parent | 4002f708e1b701a800b3d6968d12ab9a49c2d071 (diff) |
- bug 854: better checks of directory creations ( local_data_dir, templates_c, tmp etc...)
git-svn-id: http://piwigo.org/svn/trunk@2497 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | feed.php | 2 | ||||
-rw-r--r-- | include/functions.inc.php | 68 | ||||
-rw-r--r-- | include/functions_mail.inc.php | 30 | ||||
-rw-r--r-- | include/template.class.php | 23 | ||||
-rw-r--r-- | plugins/event_tracer/main.inc.php | 4 |
5 files changed, 76 insertions, 51 deletions
@@ -195,7 +195,7 @@ foreach($dates as $date_detail) } $fileName= $conf['local_data_dir'].'/tmp'; -@mkdir($fileName); // just in case +mkgetdir($fileName); // just in case $fileName.='/feed.xml'; // send XML feed echo $rss->saveFeed('RSS2.0', $fileName, true); diff --git a/include/functions.inc.php b/include/functions.inc.php index bc16d6940..2acf287e9 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -185,7 +185,7 @@ function get_filename_wo_extension( $filename ) } /** - * returns an array contening sub-directories, excluding "CVS" + * returns an array contening sub-directories, excluding ".svn" * * @param string $dir * @return array @@ -193,7 +193,6 @@ function get_filename_wo_extension( $filename ) function get_dirs($directory) { $sub_dirs = array(); - if ($opendir = opendir($directory)) { while ($file = readdir($opendir)) @@ -201,16 +200,63 @@ function get_dirs($directory) if ($file != '.' and $file != '..' and is_dir($directory.'/'.$file) - and $file != 'CVS' - and $file != '.svn') + and $file != '.svn') { array_push($sub_dirs, $file); } } + closedir($opendir); } return $sub_dirs; } +define('MKGETDIR_NONE', 0); +define('MKGETDIR_RECURSIVE', 1); +define('MKGETDIR_DIE_ON_ERROR', 2); +define('MKGETDIR_PROTECT_INDEX', 4); +define('MKGETDIR_PROTECT_HTACCESS', 8); +define('MKGETDIR_DEFAULT', 7); +/** + * creates directory if not exists; ensures that directory is writable + * @param: + * string $dir + * int $flags combination of MKGETDIR_xxx + * @return bool false on error else true + */ +function mkgetdir($dir, $flags=MKGETDIR_DEFAULT) +{ + if ( !is_dir($dir) ) + { + $umask = umask(0); + $mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false ); + umask($umask); + if ($mkd==false) + { + !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR); + return false; + } + if( $flags&MKGETDIR_PROTECT_HTACCESS ) + { + $file = $dir.'/.htaccess'; + file_exists($file) or @file_put_contents( $file, 'deny from all' ); + } + if( $flags&MKGETDIR_PROTECT_INDEX ) + { + $file = $dir.'/index.htm'; + file_exists($file) or @file_put_contents( $file, 'Not allowed!' ); + } + } + if ( !is_writable($dir) ) + { + if ( !is_writable($dir) ) + { + !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR); + return false; + } + } + return true; +} + /** * returns thumbnail directory name of input diretoty name * make thumbnail directory is necessary @@ -224,18 +270,12 @@ function get_dirs($directory) function mkget_thumbnail_dir($dirname, &$errors) { $tndir = $dirname.'/thumbnail'; - if (!is_dir($tndir)) + if (! mkgetdir($tn_dir, MKGETDIR_NONE) ) { - if (!is_writable($dirname)) - { - array_push($errors, - '['.$dirname.'] : '.l10n('no_write_access')); - return false; - } - umask(0000); - mkdir($tndir, 0777); + array_push($errors, + '['.$dirname.'] : '.l10n('no_write_access')); + return false; } - return $tndir; } diff --git a/include/functions_mail.inc.php b/include/functions_mail.inc.php index d965fc8c5..160ac1bfb 100644 --- a/include/functions_mail.inc.php +++ b/include/functions_mail.inc.php @@ -795,22 +795,24 @@ function pwg_send_mail($result, $to, $subject, $content, $headers) { global $conf, $user, $lang_info; $dir = $conf['local_data_dir'].'/tmp'; - @mkdir( $dir ); - $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; - if ($args['content_format'] == 'text/plain') + if ( mkgetdir( $dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) ) { - $filename .= '.txt'; - } - else - { - $filename .= '.html'; + $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme']; + if ($args['content_format'] == 'text/plain') + { + $filename .= '.txt'; + } + else + { + $filename .= '.html'; + } + $file = fopen($filename, 'w+'); + fwrite($file, $to ."\n"); + fwrite($file, $subject ."\n"); + fwrite($file, $headers); + fwrite($file, $content); + fclose($file); } - $file = fopen($filename, 'w+'); - fwrite($file, $to ."\n"); - fwrite($file, $subject ."\n"); - fwrite($file, $headers); - fwrite($file, $content); - fclose($file); return $result; } add_event_handler('send_mail', 'pwg_send_mail_test', EVENT_HANDLER_PRIORITY_NEUTRAL+10, 6);*/ diff --git a/include/template.class.php b/include/template.class.php index c2dc8cc07..dfe1562a3 100644 --- a/include/template.class.php +++ b/include/template.class.php @@ -53,25 +53,8 @@ class Template { $this->smarty = new Smarty; $this->smarty->debugging = $conf['debug_template']; - if ( isset($conf['compiled_template_dir'] ) ) - { - $compile_dir = $conf['compiled_template_dir']; - } - else - { - $compile_dir = $conf['local_data_dir']; - if ( !is_dir($compile_dir) ) - { - mkdir( $compile_dir, 0777); - file_put_contents($compile_dir.'/index.htm', ''); - } - $compile_dir .= '/templates_c'; - } - if ( !is_dir($compile_dir) ) - { - mkdir( $compile_dir, 0777 ); - file_put_contents($compile_dir.'/index.htm', ''); - } + $compile_dir = $conf['local_data_dir'].'/templates_c'; + mkgetdir( $compile_dir ); $this->smarty->compile_dir = $compile_dir; @@ -123,7 +106,7 @@ class Template { $this->smarty->compile_id = null; $this->smarty->clear_compiled_tpl(); $this->smarty->compile_id = $save_compile_id; - file_put_contents($this->smarty->compile_dir.'/index.htm', ''); + file_put_contents($this->smarty->compile_dir.'/index.htm', 'Not allowed!'); } function get_themeconf($val) diff --git a/plugins/event_tracer/main.inc.php b/plugins/event_tracer/main.inc.php index dcf282146..21f9ef011 100644 --- a/plugins/event_tracer/main.inc.php +++ b/plugins/event_tracer/main.inc.php @@ -36,7 +36,7 @@ class EventTracer { var $me_working; var $my_config; - + function EventTracer() { $this->me_working=0; @@ -74,7 +74,7 @@ class EventTracer function save_config() { $dir = $this->get_config_file_dir(); - @mkdir($dir); + @mkgetdir($dir); $file = fopen( $dir.$this->get_config_file_name(), 'w' ); fwrite($file, serialize($this->my_config) ); fclose( $file ); |