commit c0772d3fbd1bdc958c5d1e2f068e031650009ab5 Author: Hugh Davenport Date: Mon Sep 24 13:28:12 2012 +1200 Fix saved file permissions Bug #1055232 Currently, files that are saved by Mahara use the directorypermissions config option, which defaults to 0700, which allows execution. This allows users to potentially upload files with executable bits set, and if they have control of the config options pathtoclam, pathtozip, or pathtounzip then they could run this command when one of those commands are invocated. This patch bitwise-AND's the directory permissions config with 0666, which removes any executable bit and sets the result as a new config option filepermissions. A change the upload code to use this new option is made Change-Id: I088d9873de7797d5a9aefc2401301f8b855ed592 Signed-off-by: Hugh Davenport Conflicts: htdocs/artefact/file/lib.php htdocs/lib/uploadmanager.php diff --git a/htdocs/artefact/file/lib.php b/htdocs/artefact/file/lib.php index 0ba76f2..ad4b0e5 100644 --- a/htdocs/artefact/file/lib.php +++ b/htdocs/artefact/file/lib.php @@ -833,6 +833,7 @@ class ArtefactTypeFile extends ArtefactTypeFileBase { $f->delete(); return false; } + chmod($newname, get_config('filepermissions')); if (empty($user)) { global $USER; $user = $USER; @@ -1950,7 +1951,7 @@ class ArtefactTypeArchive extends ArtefactTypeFile { // Untar everything into a temp directory first $tempsubdir = tempnam($tempdir, ''); unlink($tempsubdir); - mkdir($tempsubdir); + mkdir($tempsubdir, get_config('directorypermissions')); if (!$this->handle->extract($tempsubdir)) { throw new SystemException("Unable to extract archive into $tempsubdir"); } diff --git a/htdocs/init.php b/htdocs/init.php index b2c5dd4..49a814b 100644 --- a/htdocs/init.php +++ b/htdocs/init.php @@ -80,6 +80,7 @@ $CFG->xmldbdisablecommentchecking = true; if (empty($CFG->directorypermissions)) { $CFG->directorypermissions = 0700; } +$CFG->filepermissions = $CFG->directorypermissions & 0666; // core libraries require('mahara.php'); diff --git a/htdocs/lib/db/upgrade.php b/htdocs/lib/db/upgrade.php index d3ade10..6415603 100644 --- a/htdocs/lib/db/upgrade.php +++ b/htdocs/lib/db/upgrade.php @@ -638,7 +638,7 @@ function xmldb_core_upgrade($oldversion=0) { if (is_dir($artefactdata . 'internal/profileicons')) { if (!is_dir($artefactdata . 'file')) { - mkdir($artefactdata . 'file'); + mkdir($artefactdata . 'file', get_config('directorypermissions')); } if (!rename($artefactdata . 'internal/profileicons', $artefactdata . 'file/profileicons')) { throw new SystemException("Failed moving $artefactdata/internal/profileicons to $artefactdata/file/profileicons"); diff --git a/htdocs/lib/file.php b/htdocs/lib/file.php index 4b4a9e3..ad77c9b 100644 --- a/htdocs/lib/file.php +++ b/htdocs/lib/file.php @@ -787,7 +787,7 @@ function copyr($source, $dest) // Make destination directory if (!is_dir($dest)) { - mkdir($dest); + mkdir($dest, get_config('directorypermissions')); } // Loop through the folder diff --git a/htdocs/lib/uploadmanager.php b/htdocs/lib/uploadmanager.php index 0a87422..822265f 100644 --- a/htdocs/lib/uploadmanager.php +++ b/htdocs/lib/uploadmanager.php @@ -155,7 +155,7 @@ class upload_manager { } if (move_uploaded_file($this->file['tmp_name'], $destination . '/' . $newname)) { - chmod($destination . '/' . $newname, 0700); + chmod($destination . '/' . $newname, get_config('filepermissions')); return false; } return get_string('failedmovingfiletodataroot');