authorrvelices <rv-github@modusoptimus.com>2008-09-04 01:28:34 +0000
committerrvelices <rv-github@modusoptimus.com>2008-09-04 01:28:34 +0000
commitefa741187507b388476da9d9a8694c3602479e7c (patch)
tree01242504f325d8c97cb77afeca8f193ca288d147
parent4002f708e1b701a800b3d6968d12ab9a49c2d071 (diff)
- bug 854: better checks of directory creations ( local_data_dir, templates_c, tmp etc...)
git-svn-id: http://piwigo.org/svn/trunk@2497 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--feed.php2
-rw-r--r--include/functions.inc.php68
-rw-r--r--include/functions_mail.inc.php30
-rw-r--r--include/template.class.php23
-rw-r--r--plugins/event_tracer/main.inc.php4
5 files changed, 76 insertions, 51 deletions
diff --git a/feed.php b/feed.php
index 3c435cff1..5de955975 100644
--- a/feed.php
+++ b/feed.php
@@ -195,7 +195,7 @@ foreach($dates as $date_detail)
}
$fileName= $conf['local_data_dir'].'/tmp';
-@mkdir($fileName); // just in case
+mkgetdir($fileName); // just in case
$fileName.='/feed.xml';
// send XML feed
echo $rss->saveFeed('RSS2.0', $fileName, true);
diff --git a/include/functions.inc.php b/include/functions.inc.php
index bc16d6940..2acf287e9 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -185,7 +185,7 @@ function get_filename_wo_extension( $filename )
}
/**
- * returns an array contening sub-directories, excluding "CVS"
+ * returns an array contening sub-directories, excluding ".svn"
*
* @param string $dir
* @return array
@@ -193,7 +193,6 @@ function get_filename_wo_extension( $filename )
function get_dirs($directory)
{
$sub_dirs = array();
-
if ($opendir = opendir($directory))
{
while ($file = readdir($opendir))
@@ -201,16 +200,63 @@ function get_dirs($directory)
if ($file != '.'
and $file != '..'
and is_dir($directory.'/'.$file)
- and $file != 'CVS'
- and $file != '.svn')
+ and $file != '.svn')
{
array_push($sub_dirs, $file);
}
}
+ closedir($opendir);
}
return $sub_dirs;
}
+define('MKGETDIR_NONE', 0);
+define('MKGETDIR_RECURSIVE', 1);
+define('MKGETDIR_DIE_ON_ERROR', 2);
+define('MKGETDIR_PROTECT_INDEX', 4);
+define('MKGETDIR_PROTECT_HTACCESS', 8);
+define('MKGETDIR_DEFAULT', 7);
+/**
+ * creates directory if not exists; ensures that directory is writable
+ * @param:
+ * string $dir
+ * int $flags combination of MKGETDIR_xxx
+ * @return bool false on error else true
+ */
+function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
+{
+ if ( !is_dir($dir) )
+ {
+ $umask = umask(0);
+ $mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false );
+ umask($umask);
+ if ($mkd==false)
+ {
+ !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR);
+ return false;
+ }
+ if( $flags&MKGETDIR_PROTECT_HTACCESS )
+ {
+ $file = $dir.'/.htaccess';
+ file_exists($file) or @file_put_contents( $file, 'deny from all' );
+ }
+ if( $flags&MKGETDIR_PROTECT_INDEX )
+ {
+ $file = $dir.'/index.htm';
+ file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
+ }
+ }
+ if ( !is_writable($dir) )
+ {
+ if ( !is_writable($dir) )
+ {
+ !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR);
+ return false;
+ }
+ }
+ return true;
+}
+
/**
* returns thumbnail directory name of input diretoty name
* make thumbnail directory is necessary
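Review bot: In `mkgetdir` the `.htaccess` and `index.htm` guards are written only inside the `!is_dir($dir)` branch, only for the leaf directory, and through `@file_put_contents` whose result is discarded, so the function can return true for a directory that ended up with no guard. With `MKGETDIR_RECURSIVE` any parent created on the way gets nothing, and `MKGETDIR_DEFAULT` is 7, which leaves `MKGETDIR_PROTECT_HTACCESS` (8) off for every caller visible in this commit. I would check the write, e.g. `if (!file_exists($file) and @file_put_contents($file, 'deny from all')===false) return false;`, and run the guard step for directories that already exist as well. The `mkdir` failure path should also re-test `is_dir($dir)` before raising `E_USER_ERROR`, since a concurrent request may have created the directory between the two calls. The nested `if ( !is_writable($dir) )` repeats the outer test and can be collapsed.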
@@ -224,18 +270,12 @@ function get_dirs($directory)
function mkget_thumbnail_dir($dirname, &$errors)
{
$tndir = $dirname.'/thumbnail';
- if (!is_dir($tndir))
+ if (! mkgetdir($tn_dir, MKGETDIR_NONE) )
{
- if (!is_writable($dirname))
- {
- array_push($errors,
- '['.$dirname.'] : '.l10n('no_write_access'));
- return false;
- }
- umask(0000);
- mkdir($tndir, 0777);
+ array_push($errors,
+ '['.$dirname.'] : '.l10n('no_write_access'));
+ return false;
}
-
return $tndir;
}
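Review bot: `mkget_thumbnail_dir` now passes `$tn_dir` to `mkgetdir`, but the variable assigned on the line above is `$tndir`, so the call receives an undefined value and the function appears to return false on every call with a misleading `no_write_access` error. The line should read `if (! mkgetdir($tndir, MKGETDIR_NONE) )`. The error text still names `$dirname`; reporting `$tndir` would point at the directory that actually failed.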
diff --git a/include/functions_mail.inc.php b/include/functions_mail.inc.php
index d965fc8c5..160ac1bfb 100644
--- a/include/functions_mail.inc.php
+++ b/include/functions_mail.inc.php
@@ -795,22 +795,24 @@ function pwg_send_mail($result, $to, $subject, $content, $headers)
{
global $conf, $user, $lang_info;
$dir = $conf['local_data_dir'].'/tmp';
- @mkdir( $dir );
- $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
- if ($args['content_format'] == 'text/plain')
+ if ( mkgetdir( $dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) )
{
- $filename .= '.txt';
- }
- else
- {
- $filename .= '.html';
+ $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
+ if ($args['content_format'] == 'text/plain')
+ {
+ $filename .= '.txt';
+ }
+ else
+ {
+ $filename .= '.html';
+ }
+ $file = fopen($filename, 'w+');
+ fwrite($file, $to ."\n");
+ fwrite($file, $subject ."\n");
+ fwrite($file, $headers);
+ fwrite($file, $content);
+ fclose($file);
}
- $file = fopen($filename, 'w+');
- fwrite($file, $to ."\n");
- fwrite($file, $subject ."\n");
- fwrite($file, $headers);
- fwrite($file, $content);
- fclose($file);
return $result;
}
add_event_handler('send_mail', 'pwg_send_mail_test', EVENT_HANDLER_PRIORITY_NEUTRAL+10, 6);*/
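Review bot: This debug handler writes the full message (recipient, subject, headers, body) into `local_data_dir/tmp` with flags `MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR`, which is 5, so only `index.htm` is written and no `.htaccess`; if that directory is served by the web server, the dumps would be readable by anyone who knows or guesses a file name. Adding the flag, `mkgetdir( $dir, (MKGETDIR_DEFAULT|MKGETDIR_PROTECT_HTACCESS)&~MKGETDIR_DIE_ON_ERROR)`, would cover that case on servers that honour `.htaccess`. `$user['username']` also goes into `$filename` unfiltered, and `fopen` is used without testing for false before the `fwrite` calls. The block appears to sit inside a `/* … */` comment, judging by the closing `*/` on the last line, and the function starts outside the hunk.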
diff --git a/include/template.class.php b/include/template.class.php
index c2dc8cc07..dfe1562a3 100644
--- a/include/template.class.php
+++ b/include/template.class.php
@@ -53,25 +53,8 @@ class Template {
$this->smarty = new Smarty;
$this->smarty->debugging = $conf['debug_template'];
- if ( isset($conf['compiled_template_dir'] ) )
- {
- $compile_dir = $conf['compiled_template_dir'];
- }
- else
- {
- $compile_dir = $conf['local_data_dir'];
- if ( !is_dir($compile_dir) )
- {
- mkdir( $compile_dir, 0777);
- file_put_contents($compile_dir.'/index.htm', '');
- }
- $compile_dir .= '/templates_c';
- }
- if ( !is_dir($compile_dir) )
- {
- mkdir( $compile_dir, 0777 );
- file_put_contents($compile_dir.'/index.htm', '');
- }
+ $compile_dir = $conf['local_data_dir'].'/templates_c';
+ mkgetdir( $compile_dir );
$this->smarty->compile_dir = $compile_dir;
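Review bot: The `$conf['compiled_template_dir']` override is removed without a replacement, so an installation that set it will now have compiled templates written to `$conf['local_data_dir'].'/templates_c'` with no warning. Either keep the override, `$compile_dir = isset($conf['compiled_template_dir']) ? $conf['compiled_template_dir'] : $conf['local_data_dir'].'/templates_c';`, or record the removal in the commit message and the configuration documentation. The old code also wrote `index.htm` into `local_data_dir` itself when creating it, which the recursive `mkgetdir` call no longer does for the parent. The constructor starts and ends outside the hunk.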
@@ -123,7 +106,7 @@ class Template {
$this->smarty->compile_id = null;
$this->smarty->clear_compiled_tpl();
$this->smarty->compile_id = $save_compile_id;
- file_put_contents($this->smarty->compile_dir.'/index.htm', '');
+ file_put_contents($this->smarty->compile_dir.'/index.htm', 'Not allowed!');
}
function get_themeconf($val)
diff --git a/plugins/event_tracer/main.inc.php b/plugins/event_tracer/main.inc.php
index dcf282146..21f9ef011 100644
--- a/plugins/event_tracer/main.inc.php
+++ b/plugins/event_tracer/main.inc.php
@@ -36,7 +36,7 @@ class EventTracer
{
var $me_working;
var $my_config;
-
+
function EventTracer()
{
$this->me_working=0;
@@ -74,7 +74,7 @@ class EventTracer
function save_config()
{
$dir = $this->get_config_file_dir();
- @mkdir($dir);
+ @mkgetdir($dir);
$file = fopen( $dir.$this->get_config_file_name(), 'w' );
fwrite($file, serialize($this->my_config) );
fclose( $file );
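Review bot: `@mkgetdir($dir)` uses the default flags, which include `MKGETDIR_DIE_ON_ERROR`, so on failure `trigger_error(..., E_USER_ERROR)` still fires and the `@` only hides the message; unless a custom error handler intervenes, the request would stop with no visible reason. Prefer calling `mkgetdir($dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR)` without the `@` and skipping the write when it returns false. The `fopen` result should also be tested before `fwrite`, since it is used unchecked on the next lines.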