mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-26 11:19:55 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

- bug 854: better checks of directory creations ( local_data_dir, templates_c, tmp etc...)

Browse source 
git-svn-id: http://piwigo.org/svn/trunk@2497 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices 2008-09-04 01:28:34 +00:00
parent 4002f708e1
commit efa7411875
5 changed files with 76 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

2
feed.php
View file

@ -195,7 +195,7 @@ foreach($dates as $date_detail)
}
$fileName= $conf['local_data_dir'].'/tmp';
@mkdir($fileName); // just in case
mkgetdir($fileName); // just in case
$fileName.='/feed.xml';
// send XML feed
echo $rss->saveFeed('RSS2.0', $fileName, true);

68
include/functions.inc.php
View file

@ -185,7 +185,7 @@ function get_filename_wo_extension( $filename )
}
/**
* returns an array contening sub-directories, excluding "CVS"
* returns an array contening sub-directories, excluding ".svn"
*
* @param string $dir
* @return array
@ -193,7 +193,6 @@ function get_filename_wo_extension( $filename )
function get_dirs($directory)
{
$sub_dirs = array();
if ($opendir = opendir($directory))
{
while ($file = readdir($opendir))
@ -201,16 +200,63 @@ function get_dirs($directory)
if ($file != '.'
and $file != '..'
and is_dir($directory.'/'.$file)
and $file != 'CVS'
and $file != '.svn')
and $file != '.svn')
{
array_push($sub_dirs, $file);
}
}
closedir($opendir);
}
return $sub_dirs;
}
define('MKGETDIR_NONE', 0);
define('MKGETDIR_RECURSIVE', 1);
define('MKGETDIR_DIE_ON_ERROR', 2);
define('MKGETDIR_PROTECT_INDEX', 4);
define('MKGETDIR_PROTECT_HTACCESS', 8);
define('MKGETDIR_DEFAULT', 7);
/**
* creates directory if not exists; ensures that directory is writable
* @param:
* string $dir
* int $flags combination of MKGETDIR_xxx
* @return bool false on error else true
*/
function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
{
if ( !is_dir($dir) )
{
$umask = umask(0);
$mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false );
umask($umask);
if ($mkd==false)
{
!($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR);
return false;
}
if( $flags&MKGETDIR_PROTECT_HTACCESS )
{
$file = $dir.'/.htaccess';
file_exists($file) or @file_put_contents( $file, 'deny from all' );
}
if( $flags&MKGETDIR_PROTECT_INDEX )
{
$file = $dir.'/index.htm';
file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
}
}
if ( !is_writable($dir) )
{
if ( !is_writable($dir) )
{
!($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR);
return false;
}
}
return true;
}
/**
* returns thumbnail directory name of input diretoty name
* make thumbnail directory is necessary
@ -224,18 +270,12 @@ function get_dirs($directory)
function mkget_thumbnail_dir($dirname, &$errors)
{
$tndir = $dirname.'/thumbnail';
if (!is_dir($tndir))
if (! mkgetdir($tn_dir, MKGETDIR_NONE) )
{
if (!is_writable($dirname))
{
array_push($errors,
'['.$dirname.'] : '.l10n('no_write_access'));
return false;
}
umask(0000);
mkdir($tndir, 0777);
array_push($errors,
'['.$dirname.'] : '.l10n('no_write_access'));
return false;
}
return $tndir;
}

30
include/functions_mail.inc.php
View file

@ -795,22 +795,24 @@ function pwg_send_mail($result, $to, $subject, $content, $headers)
{
global $conf, $user, $lang_info;
$dir = $conf['local_data_dir'].'/tmp';
@mkdir( $dir );
$filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
if ($args['content_format'] == 'text/plain')
if ( mkgetdir( $dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) )
{
$filename .= '.txt';
$filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
if ($args['content_format'] == 'text/plain')
{
$filename .= '.txt';
}
else
{
$filename .= '.html';
}
$file = fopen($filename, 'w+');
fwrite($file, $to ."\n");
fwrite($file, $subject ."\n");
fwrite($file, $headers);
fwrite($file, $content);
fclose($file);
}
else
{
$filename .= '.html';
}
$file = fopen($filename, 'w+');
fwrite($file, $to ."\n");
fwrite($file, $subject ."\n");
fwrite($file, $headers);
fwrite($file, $content);
fclose($file);
return $result;
}
add_event_handler('send_mail', 'pwg_send_mail_test', EVENT_HANDLER_PRIORITY_NEUTRAL+10, 6);*/

23
include/template.class.php
View file

@ -53,25 +53,8 @@ class Template {
$this->smarty = new Smarty;
$this->smarty->debugging = $conf['debug_template'];
if ( isset($conf['compiled_template_dir'] ) )
{
$compile_dir = $conf['compiled_template_dir'];
}
else
{
$compile_dir = $conf['local_data_dir'];
if ( !is_dir($compile_dir) )
{
mkdir( $compile_dir, 0777);
file_put_contents($compile_dir.'/index.htm', '');
}
$compile_dir .= '/templates_c';
}
if ( !is_dir($compile_dir) )
{
mkdir( $compile_dir, 0777 );
file_put_contents($compile_dir.'/index.htm', '');
}
$compile_dir = $conf['local_data_dir'].'/templates_c';
mkgetdir( $compile_dir );
$this->smarty->compile_dir = $compile_dir;
@ -123,7 +106,7 @@ class Template {
$this->smarty->compile_id = null;
$this->smarty->clear_compiled_tpl();
$this->smarty->compile_id = $save_compile_id;
file_put_contents($this->smarty->compile_dir.'/index.htm', '');
file_put_contents($this->smarty->compile_dir.'/index.htm', 'Not allowed!');
}
function get_themeconf($val)

4
plugins/event_tracer/main.inc.php
View file

@ -36,7 +36,7 @@ class EventTracer
{
var $me_working;
var $my_config;
function EventTracer()
{
$this->me_working=0;
@ -74,7 +74,7 @@ class EventTracer
function save_config()
{
$dir = $this->get_config_file_dir();
@mkdir($dir);
@mkgetdir($dir);
$file = fopen( $dir.$this->get_config_file_name(), 'w' );
fwrite($file, serialize($this->my_config) );
fclose( $file );