Changeset 2497 for trunk/include

Timestamp:

Sep 4, 2008, 3:28:34 AM (16 years ago)

Author:

rvelices

Message:

• bug 854: better checks of directory creations ( local_data_dir, templates_c, tmp etc...)

Location:

trunk/include

Files:

• functions.inc.php (modified) (4 diffs)
• functions_mail.inc.php (modified) (1 diff)
• template.class.php (modified) (2 diffs)

trunk/include/functions.inc.php

@@ -186 +186 @@
 
 /**
- * returns an array contening sub-directories, excluding "CVS"
+ * returns an array contening sub-directories, excluding ".svn"
  *
  * @param string $dir
@@ -194 +194 @@
 {
   $sub_dirs = array();
-
   if ($opendir = opendir($directory))
   {
@@ -202 +201 @@
           and $file != '..'
           and is_dir($directory.'/'.$file)
-          and $file != 'CVS'
-    and $file != '.svn')
+          and $file != '.svn')
       {
         array_push($sub_dirs, $file);
       }
     }
+    closedir($opendir);
   }
   return $sub_dirs;
+}
+
+define('MKGETDIR_NONE', 0);
+define('MKGETDIR_RECURSIVE', 1);
+define('MKGETDIR_DIE_ON_ERROR', 2);
+define('MKGETDIR_PROTECT_INDEX', 4);
+define('MKGETDIR_PROTECT_HTACCESS', 8);
+define('MKGETDIR_DEFAULT', 7);
+/**
+ * creates directory if not exists; ensures that directory is writable
+ * @param:
+ *  string $dir
+ *  int $flags combination of MKGETDIR_xxx
+ * @return bool false on error else true
+ */
+function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
+{
+  if ( !is_dir($dir) )
+  {
+    $umask = umask(0);
+    $mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false );
+    umask($umask);
+    if ($mkd==false)
+    {
+      !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR);
+      return false;
+    }
+    if( $flags&MKGETDIR_PROTECT_HTACCESS )
+    {
+      $file = $dir.'/.htaccess';
+      file_exists($file) or @file_put_contents( $file, 'deny from all' );
+    }
+    if( $flags&MKGETDIR_PROTECT_INDEX )
+    {
+      $file = $dir.'/index.htm';
+      file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
+    }
+  }
+  if ( !is_writable($dir) )
+  {
+    if ( !is_writable($dir) )
+    {
+      !($flags&MKGETDIR_DIE_ON_ERROR) or trigger_error( "$dir ".l10n('no_write_access'), E_USER_ERROR);
+      return false;
+    }
+  }
+  return true;
 }
 
@@ -225 +271 @@
 {
   $tndir = $dirname.'/thumbnail';
-  if (!is_dir($tndir))
-  {
-    if (!is_writable($dirname))
-    {
-      array_push($errors,
-                 '['.$dirname.'] : '.l10n('no_write_access'));
-      return false;
-    }
-    umask(0000);
-    mkdir($tndir, 0777);
-  }
-
+  if (! mkgetdir($tn_dir, MKGETDIR_NONE) )
+  {
+    array_push($errors,
+          '['.$dirname.'] : '.l10n('no_write_access'));
+    return false;
+  }
   return $tndir;
 }

trunk/include/functions_mail.inc.php

@@ -796 +796 @@
     global $conf, $user, $lang_info;
     $dir = $conf['local_data_dir'].'/tmp';
-    @mkdir( $dir );
-    $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
-    if ($args['content_format'] == 'text/plain')
-    {
-      $filename .= '.txt';
-    }
-    else
-    {
-      $filename .= '.html';
-    }
-    $file = fopen($filename, 'w+');
-    fwrite($file, $to ."\n");
-    fwrite($file, $subject ."\n");
-    fwrite($file, $headers);
-    fwrite($file, $content);
-    fclose($file);
+    if ( mkgetdir( $dir,  MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) )
+    {
+      $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
+      if ($args['content_format'] == 'text/plain')
+      {
+        $filename .= '.txt';
+      }
+      else
+      {
+        $filename .= '.html';
+      }
+      $file = fopen($filename, 'w+');
+      fwrite($file, $to ."\n");
+      fwrite($file, $subject ."\n");
+      fwrite($file, $headers);
+      fwrite($file, $content);
+      fclose($file);
+    }
     return $result;
 }

trunk/include/template.class.php

@@ -54 +54 @@
     $this->smarty->debugging = $conf['debug_template'];
 
-    if ( isset($conf['compiled_template_dir'] ) )
-    {
-      $compile_dir = $conf['compiled_template_dir'];
-    }
-    else
-    {
-      $compile_dir = $conf['local_data_dir'];
-      if ( !is_dir($compile_dir) )
-      {
-        mkdir( $compile_dir, 0777);
-        file_put_contents($compile_dir.'/index.htm', '');
-      }
-      $compile_dir .= '/templates_c';
-    }
-    if ( !is_dir($compile_dir) )
-    {
-      mkdir( $compile_dir, 0777 );
-      file_put_contents($compile_dir.'/index.htm', '');
-    }
+    $compile_dir = $conf['local_data_dir'].'/templates_c';
+    mkgetdir( $compile_dir );
 
     $this->smarty->compile_dir = $compile_dir;
@@ -124 +107 @@
       $this->smarty->clear_compiled_tpl();
       $this->smarty->compile_id = $save_compile_id;
-      file_put_contents($this->smarty->compile_dir.'/index.htm', '');
+      file_put_contents($this->smarty->compile_dir.'/index.htm', 'Not allowed!');
   }