diff options
author | Dries Buytaert <dries@buytaert.net> | 2010-10-21 12:09:41 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-10-21 12:09:41 +0000 |
commit | 2a0e32644822d34416f4633b4c6fc8674870e6d8 (patch) | |
tree | 72e32a7d4a1bbe07e83bcff6402923e4c1ca9b85 /includes | |
parent | c7e9857de4887d33f8020a4e843ef854848f454e (diff) | |
download | brdo-2a0e32644822d34416f4633b4c6fc8674870e6d8.tar.gz brdo-2a0e32644822d34416f4633b4c6fc8674870e6d8.tar.bz2 |
- Patch #942690 by effulgentsia: security harden stream wrappers by defaulting them as remote.
Diffstat (limited to 'includes')
-rw-r--r-- | includes/file.inc | 39 | ||||
-rw-r--r-- | includes/stream_wrappers.inc | 24 |
2 files changed, 50 insertions, 13 deletions
diff --git a/includes/file.inc b/includes/file.inc index 588bea086..0eb97281f 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -90,12 +90,37 @@ define('FILE_STATUS_PERMANENT', 1); * * A stream is referenced as "scheme://target". * + * The optional $filter parameter can be used to retrieve only the stream + * wrappers that are appropriate for particular usage. For example, this returns + * only stream wrappers that use local file storage: + * @code + * $local_stream_wrappers = file_get_stream_wrappers(STEAM_WRAPPERS_LOCAL); + * @endcode + * + * The $filter parameter can only filter to types containing a particular flag. + * In some cases, you may want to filter to types that do not contain a + * particular flag. For example, you may want to retrieve all stream wrappers + * that are not writable, or all stream wrappers that are not local. PHP's + * array_diff_key() function can be used to help with this. For example, this + * returns only stream wrappers that do not use local file storage: + * @code + * $remote_stream_wrappers = array_diff_key(file_get_stream_wrappers(STREAM_WRAPPERS_ALL), file_get_stream_wrappers(STEAM_WRAPPERS_LOCAL)); + * @endcode + * * @param $filter - * Optionally filter out all types except these. Defaults to - * STREAM_WRAPPERS_ALL, which returns all registered stream wrappers. + * (Optional) Filters out all types except those with an on bit for each on + * bit in $filter. For example, if $filter is STREAM_WRAPPERS_WRITE_VISIBLE, + * which is equal to (STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE | + * STREAM_WRAPPERS_VISIBLE), then only stream wrappers with all three of these + * bits set are returned. Defaults to STREAM_WRAPPERS_ALL, which returns all + * registered stream wrappers. * * @return - * Returns the entire Drupal stream wrapper registry. + * An array keyed by scheme, with values containing an array of information + * about the stream wrapper, as returned by hook_stream_wrappers(). If $filter + * is omitted or set to STREAM_WRAPPERS_ALL, the entire Drupal stream wrapper + * registry is returned. Otherwise only the stream wrappers whose 'type' + * bitmask has an on bit for each bit specified in $filter are returned. * * @see hook_stream_wrappers() * @see hook_stream_wrappers_alter() @@ -122,11 +147,11 @@ function file_get_stream_wrappers($filter = STREAM_WRAPPERS_ALL) { else { $wrappers[$scheme]['override'] = FALSE; } - if (($info['type'] & STREAM_WRAPPERS_REMOTE) == STREAM_WRAPPERS_REMOTE) { - stream_wrapper_register($scheme, $info['class'], STREAM_IS_URL); + if (($info['type'] & STREAM_WRAPPERS_LOCAL) == STREAM_WRAPPERS_LOCAL) { + stream_wrapper_register($scheme, $info['class']); } else { - stream_wrapper_register($scheme, $info['class']); + stream_wrapper_register($scheme, $info['class'], STREAM_IS_URL); } } // Pre-populate the static cache with the filters most typically used. @@ -141,7 +166,7 @@ function file_get_stream_wrappers($filter = STREAM_WRAPPERS_ALL) { $wrappers_storage[$filter] = array(); foreach ($wrappers_storage[STREAM_WRAPPERS_ALL] as $scheme => $info) { // Bit-wise filter. - if ($info['type'] & $filter == $filter) { + if (($info['type'] & $filter) == $filter) { $wrappers_storage[$filter][$scheme] = $info; } } diff --git a/includes/stream_wrappers.inc b/includes/stream_wrappers.inc index f49d3bc29..23faf4fc9 100644 --- a/includes/stream_wrappers.inc +++ b/includes/stream_wrappers.inc @@ -22,6 +22,9 @@ /** * Stream wrapper bit flags that are the basis for composite types. + * + * Note that 0x0002 is skipped, because it was the value of a constant that has + * since been removed. */ /** @@ -35,11 +38,6 @@ define('STREAM_WRAPPERS_ALL', 0x0000); define('STREAM_WRAPPERS_LOCAL', 0x0001); /** - * Stream wrapper bit flag -- refers to a remote filesystem location. - */ -define('STREAM_WRAPPERS_REMOTE', 0x0002); - -/** * Stream wrapper bit flag -- wrapper is readable (almost always true). */ define('STREAM_WRAPPERS_READ', 0x0004); @@ -65,6 +63,11 @@ define('STREAM_WRAPPERS_VISIBLE', 0x0010); define('STREAM_WRAPPERS_HIDDEN', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE); /** + * Stream wrapper type flag -- hidden, readable and writeable using local files. + */ +define('STREAM_WRAPPERS_LOCAL_HIDDEN', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_HIDDEN); + +/** * Stream wrapper type flag -- visible, readable and writeable. */ define('STREAM_WRAPPERS_WRITE_VISIBLE', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_WRITE | STREAM_WRAPPERS_VISIBLE); @@ -75,9 +78,18 @@ define('STREAM_WRAPPERS_WRITE_VISIBLE', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_W define('STREAM_WRAPPERS_READ_VISIBLE', STREAM_WRAPPERS_READ | STREAM_WRAPPERS_VISIBLE); /** + * Stream wrapper type flag -- the default when 'type' is omitted from + * hook_stream_wrappers(). This does not include STREAM_WRAPPERS_LOCAL, + * because PHP grants a greater trust level to local files (for example, they + * can be used in an "include" statement, regardless of the "allow_url_include" + * setting), so stream wrappers need to explicitly opt-in to this. + */ +define('STREAM_WRAPPERS_NORMAL', STREAM_WRAPPERS_WRITE_VISIBLE); + +/** * Stream wrapper type flag -- visible, readable and writeable using local files. */ -define('STREAM_WRAPPERS_NORMAL', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_WRITE_VISIBLE); +define('STREAM_WRAPPERS_LOCAL_NORMAL', STREAM_WRAPPERS_LOCAL | STREAM_WRAPPERS_NORMAL); /** * Generic PHP stream wrapper interface. |