diff options
author | Loui Chang <louipc.ist@gmail.com> | 2008-11-09 22:35:00 -0500 |
---|---|---|
committer | Loui Chang <louipc.ist@gmail.com> | 2008-11-13 15:19:26 -0500 |
commit | f12b11abc70b03fa75faf211a6311acb1cc1b32d (patch) | |
tree | 7c43e9a46d0a560d1bd6f550c105b8179543fc05 | |
parent | 2ac75bd81278a6a51d3eef56e9088c198a887a6d (diff) | |
download | aurweb-f12b11abc70b03fa75faf211a6311acb1cc1b32d.tar.xz |
Give group writable permissions to uploaded files.
Add a new function chown_group to recursively change permissions.
Tweak some of the coding style.
Replace some of the redundant string concatenation with a variable.
Thanks to Dan McGee for chmod_group.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-rw-r--r-- | web/html/pkgsubmit.php | 36 | ||||
-rw-r--r-- | web/lib/aur.inc | 28 |
2 files changed, 47 insertions, 17 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index c38e224..4446648 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -30,12 +30,10 @@ if ($_COOKIE["AURSID"]): if (!$error) { if (!@mkdir($tempdir)) { - $error = __("Could not create incoming directory: %s.", - array($tempdir)); + $error = __("Could not create incoming directory: %s.", $tempdir); } else { if (!@chdir($tempdir)) { - $error = __("Could not change directory to %s.", - array($tempdir)); + $error = __("Could not change directory to %s.", $tempdir); } else { if ($_FILES['pfile']['name'] == "PKGBUILD") { move_uploaded_file($_FILES['pfile']['tmp_name'], $tempdir . "/PKGBUILD"); @@ -205,32 +203,31 @@ if ($_COOKIE["AURSID"]): } } + $incoming_pkgdir = INCOMING_DIR . $pkg_name; + if (!$error) { # First, see if this package already exists, and if it can be overwritten $pkg_exists = package_exists($pkg_name); if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) { - if (file_exists(INCOMING_DIR . $pkg_name)) { + if (file_exists($incoming_pkgdir)) { # Blow away the existing file/dir and contents - rm_rf(INCOMING_DIR . $pkg_name); + rm_rf($incoming_pkgdir); } - if (!@mkdir(INCOMING_DIR . $pkg_name)) { - $error = __( "Could not create directory %s.", - INCOMING_DIR . $pkg_name); + if (!@mkdir($incoming_pkgdir)) { + $error = __( "Could not create directory %s.", $incoming_pkgdir); } - rename($pkg_dir, INCOMING_DIR . $pkg_name . "/" . $pkg_name); + rename($pkg_dir, $incoming_pkgdir . "/" . $pkg_name); } else { - $error = __( "You are not allowed to overwrite the %h%s%h package.", - "<b>", $pkg_name, "</b>"); + $error = __( "You are not allowed to overwrite the %h%s%h package.", "<b>", $pkg_name, "</b>"); } } # Re-tar the package for consistency's sake if (!$error) { - if (!@chdir(INCOMING_DIR . $pkg_name)) { - $error = __("Could not change directory to %s.", - array(INCOMING_DIR . $pkg_name)); + if (!@chdir($incoming_pkgdir)) { + $error = __("Could not change directory to %s.", $incoming_pkgdir); } } @@ -243,6 +240,11 @@ if ($_COOKIE["AURSID"]): } } + # Chmod files after everything has been done. + if (!chmod_group($incoming_pkgdir)) { + $error = __("Could not chmod directory %s.", $incoming_pkgdir); + } + # Whether it failed or not we can clean this out if (file_exists($tempdir)) { rm_rf($tempdir); @@ -296,7 +298,7 @@ if ($_COOKIE["AURSID"]): mysql_real_escape_string($new_pkgbuild['license']), mysql_real_escape_string($new_pkgbuild['pkgdesc']), mysql_real_escape_string($new_pkgbuild['url']), - mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"), + mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"), mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"), $pdata["ID"]); @@ -342,7 +344,7 @@ if ($_COOKIE["AURSID"]): mysql_real_escape_string($new_pkgbuild['url']), uid_from_sid($_COOKIE["AURSID"]), uid_from_sid($_COOKIE["AURSID"]), - mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"), + mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"), mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz")); $result = db_query($q, $dbh); diff --git a/web/lib/aur.inc b/web/lib/aur.inc index a126bb9..d08ff0c 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -381,6 +381,34 @@ function rm_rf($dirname="") { return; } +# Recursive chmod to set group write permissions +# +function chmod_group($path) { + if (!is_dir($path)) + return chmod($path, 0664); + + $d = dir($path); + while ($f = $d->read()) { + if ($f != '.' && $f != '..') { + $fullpath = $path.'/'.$f; + if (is_link($fullpath)) + continue; + elseif (!is_dir($fullpath)) { + if (!chmod($fullpath, 0664)) + return FALSE; + } + elseif(!chmod_group($fullpath)) + return FALSE; + } + } + $d->close(); + + if(chmod($path, 0775)) + return TRUE; + else + return FALSE; +} + # obtain the uid given a Users.Username # function uid_from_username($username="") |