diff options
| author | Dries Buytaert <dries@buytaert.net> | 2010-10-21 12:09:41 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2010-10-21 12:09:41 +0000 |
| commit | 2a0e32644822d34416f4633b4c6fc8674870e6d8 (patch) | |
| tree | 72e32a7d4a1bbe07e83bcff6402923e4c1ca9b85 /includes/file.inc | |
| parent | c7e9857de4887d33f8020a4e843ef854848f454e (diff) | |
| download | brdo-2a0e32644822d34416f4633b4c6fc8674870e6d8.tar.gz brdo-2a0e32644822d34416f4633b4c6fc8674870e6d8.tar.bz2 | |
- Patch #942690 by effulgentsia: security harden stream wrappers by defaulting them as remote.
Diffstat (limited to 'includes/file.inc')
| -rw-r--r-- | includes/file.inc | 39 |
1 files changed, 32 insertions, 7 deletions
diff --git a/includes/file.inc b/includes/file.inc index 588bea086..0eb97281f 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -90,12 +90,37 @@ define('FILE_STATUS_PERMANENT', 1); * * A stream is referenced as "scheme://target". * + * The optional $filter parameter can be used to retrieve only the stream + * wrappers that are appropriate for particular usage. For example, this returns + * only stream wrappers that use local file storage: + * @code + * $local_stream_wrappers = file_get_stream_wrappers(STEAM_WRAPPERS_LOCAL); + * @endcode + * + * The $filter parameter can only filter to types containing a particular flag. + * In some cases, you may want to filter to types that do not contain a + * particular flag. For example, you may want to retrieve all stream wrappers + * that are not writable, or all stream wrappers that are not local. PHP's + * array_diff_key() function can be used to help with this. For example, this + * returns only stream wrappers that do not use local file storage: + * @code + * $remote_stream_wrappers = array_diff_key(file_get_stream_wrappers(STREAM_WRAPPERS_ALL), file_get_stream_wrappers(STEAM_WRAPPERS_LOCAL)); + * @endcode + * * @param $filter - * Optionally filter out all types except these. Defaults to - * STREAM_WRAPPERS_ALL, which returns all registered stream wrappers. + * (Optional) Filters out all types except those with an on bit for each on + * bit in $filter. For example, if $filter is STREAM_WRAPPERS_WRITE_VISIBLE, + * which is equal to (STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE | + * STREAM_WRAPPERS_VISIBLE), then only stream wrappers with all three of these + * bits set are returned. Defaults to STREAM_WRAPPERS_ALL, which returns all + * registered stream wrappers. * * @return - * Returns the entire Drupal stream wrapper registry. + * An array keyed by scheme, with values containing an array of information + * about the stream wrapper, as returned by hook_stream_wrappers(). If $filter + * is omitted or set to STREAM_WRAPPERS_ALL, the entire Drupal stream wrapper + * registry is returned. Otherwise only the stream wrappers whose 'type' + * bitmask has an on bit for each bit specified in $filter are returned. * * @see hook_stream_wrappers() * @see hook_stream_wrappers_alter() @@ -122,11 +147,11 @@ function file_get_stream_wrappers($filter = STREAM_WRAPPERS_ALL) { else { $wrappers[$scheme]['override'] = FALSE; } - if (($info['type'] & STREAM_WRAPPERS_REMOTE) == STREAM_WRAPPERS_REMOTE) { - stream_wrapper_register($scheme, $info['class'], STREAM_IS_URL); + if (($info['type'] & STREAM_WRAPPERS_LOCAL) == STREAM_WRAPPERS_LOCAL) { + stream_wrapper_register($scheme, $info['class']); } else { - stream_wrapper_register($scheme, $info['class']); + stream_wrapper_register($scheme, $info['class'], STREAM_IS_URL); } } // Pre-populate the static cache with the filters most typically used. @@ -141,7 +166,7 @@ function file_get_stream_wrappers($filter = STREAM_WRAPPERS_ALL) { $wrappers_storage[$filter] = array(); foreach ($wrappers_storage[STREAM_WRAPPERS_ALL] as $scheme => $info) { // Bit-wise filter. - if ($info['type'] & $filter == $filter) { + if (($info['type'] & $filter) == $filter) { $wrappers_storage[$filter][$scheme] = $info; } } |