0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 15:28:40 +00:00

[2.0.1] Improve directory permissions checks. UNTESTED!!!

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1205 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2007-06-23 14:38:16 +00:00
parent dc0fb7d2b4
commit 401612dc3a
2 changed files with 58 additions and 4 deletions

1
NEWS
View File

@ -17,6 +17,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
(mostly harmless, except for the fact that it would be a little slower)
- Configuration objects with different serials do not clobber each
others when revision numbers are unequal
- Improve Serializer DefinitionCache directory permissions checks
. Rewire some test-cases to swallow errors rather than expect them
. HTMLDefinition printer updated with some of the new attributes
. DefinitionCache keys reordered to reflect precedence: version number,

View File

@ -21,14 +21,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends
if (!$this->checkDefType($def)) return;
$file = $this->generateFilePath($config);
if (file_exists($file)) return false;
$this->_prepareDir($config);
if (!$this->_prepareDir($config)) return false;
return $this->_write($file, serialize($def));
}
function set($def, $config) {
if (!$this->checkDefType($def)) return;
$file = $this->generateFilePath($config);
$this->_prepareDir($config);
if (!$this->_prepareDir($config)) return false;
return $this->_write($file, serialize($def));
}
@ -36,7 +36,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
if (!$this->checkDefType($def)) return;
$file = $this->generateFilePath($config);
if (!file_exists($file)) return false;
$this->_prepareDir($config);
if (!$this->_prepareDir($config)) return false;
return $this->_write($file, serialize($def));
}
@ -53,6 +53,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
}
function flush($config) {
if (!$this->_prepareDir($config)) return false;
$dir = $this->generateDirectoryPath($config);
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
@ -63,7 +64,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
}
function cleanup($config) {
$this->_prepareDir($config);
if (!$this->_prepareDir($config)) return false;
$dir = $this->generateDirectoryPath($config);
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
@ -125,12 +126,64 @@ class HTMLPurifier_DefinitionCache_Serializer extends
/**
* Prepares the directory that this type stores the serials in
* @return True if successful
*/
function _prepareDir($config) {
$directory = $this->generateDirectoryPath($config);
if (!is_dir($directory)) {
mkdir($directory);
$base = $this->generateBaseDirectoryPath($config);
if (!is_dir($base)) {
trigger_error('Base directory '.$base.' does not exist,
please create or change using %Cache.SerializerPath',
E_USER_ERROR);
return false;
} elseif (!$this->_testPermissions($base)) {
return false;
}
mkdir($directory);
} elseif (!$this->_testPermissions($directory)) {
return false;
}
return true;
}
/**
* Tests permissions on a directory and throws out friendly
* error messages and attempts to chmod it itself if possible
*/
function _testPermissions($dir) {
// early abort, if it is writable, everything is hunky-dory
if (is_writable($dir)) return true;
if (!is_dir($dir)) {
// generally, you'll want to handle this beforehand
// so a more specific error message can be given
trigger_error('Directory '.$dir.' does not exist',
E_USER_ERROR);
return false;
}
if (function_exists('posix_getuid')) {
// POSIX system, we can give more specific advice
if (fileowner($dir) === posix_getuid()) {
// we can chmod it ourselves
chmod($dir, 0755);
return true;
} elseif (filegroup($dir) === posix_getgid()) {
$chmod = '775';
} else {
// PHP's probably running as nobody, so we'll
// need to give global permissions
$chmod = '777';
}
trigger_error('Directory '.$dir.' not writable, '.
'please chmod to ' . $chmod,
E_USER_ERROR);
} else {
// generic error message
trigger_error('Directory '.$dir.' not writable, '.
'please alter file permissions',
E_USER_ERROR);
}
return false;
}
}