diff options
| author | Troels Liebe Bentsen <tlb@rapanden.dk> | 2006-02-24 22:16:55 +0100 |
|---|---|---|
| committer | Troels Liebe Bentsen <tlb@rapanden.dk> | 2006-02-24 22:16:55 +0100 |
| commit | 44881d272282937c9bb745f462c947319d404dd0 (patch) | |
| tree | 186d932116e04b1271ad22a3bd628d6617a49c49 | |
| parent | b687885519897ab2959bb0540ec822b96f722fd6 (diff) | |
| download | rpg-44881d272282937c9bb745f462c947319d404dd0.tar.gz rpg-44881d272282937c9bb745f462c947319d404dd0.tar.bz2 | |
Fix umask bug and do a code cleanup of chmod/mkdir usage so set the correct permissions, this should also fix problems with dokuwiki making setuid files on some umasks.
* Don't set the umask() anymore, this is not good form and we don't really know what is it in the old code anyway as it was not done properly.
* Retire the dmask config option introduce 2 new ones called fmode and dmode, this is more in line with posix and should make more sense.
* Use chmod for setting the correct permissions but only if it's needed.
* Set changing of permissions off by default as i should work properly in most Apache setups without and it does not make sense on windows anyway.
darcs-hash:20060224211655-ee6b9-68f7bb59417d6f0033cfd3764146923daa4dcf1b.gz
| -rwxr-xr-x | bin/indexer.php | 5 | ||||
| -rw-r--r-- | conf/dokuwiki.php | 6 | ||||
| -rw-r--r-- | doku.php | 3 | ||||
| -rw-r--r-- | inc/common.php | 2 | ||||
| -rw-r--r-- | inc/init.php | 34 | ||||
| -rw-r--r-- | inc/io.php | 18 | ||||
| -rw-r--r-- | lib/exe/detail.php | 3 | ||||
| -rw-r--r-- | lib/exe/indexer.php | 1 | ||||
| -rw-r--r-- | lib/exe/media.php | 7 | ||||
| -rw-r--r-- | lib/plugins/plugin/admin.php | 1 |
10 files changed, 46 insertions, 34 deletions
diff --git a/bin/indexer.php b/bin/indexer.php index 0eb1fbe48..4f80d4642 100755 --- a/bin/indexer.php +++ b/bin/indexer.php @@ -79,7 +79,6 @@ function _index($id){ _lock(); echo "$id... "; idx_addPage($id); - umask($conf['umask']); io_saveFile(metaFN($id,'.indexed'),' '); echo "done.\n"; _unlock(); @@ -92,7 +91,7 @@ function _lock(){ global $conf; $lock = $conf['lockdir'].'/_indexer.lock'; $said = false; - while(!@mkdir($lock)){ + while(!@mkdir($lock, $conf['dmode'])){ if(time()-@filemtime($lock) > 60*5){ // looks like a stale lock - remove it @rmdir($lock); @@ -106,6 +105,7 @@ function _lock(){ sleep(15); } } + if(isset($conf['dmask'])) { chmod($lock, $conf['dmask']); } if($said) print "\n"; } @@ -125,7 +125,6 @@ function _clearindex(){ global $conf; _lock(); echo "Clearing index... "; - umask($conf['umask']); io_saveFile($conf['cachedir'].'/word.idx',''); io_saveFile($conf['cachedir'].'/page.idx',''); io_saveFile($conf['cachedir'].'/index.idx',''); diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php index bf81d8bc4..1b1c7d6c8 100644 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -8,9 +8,9 @@ /* Datastorage and Permissions */ -$conf['umask'] = 0022; //set the global umask -$conf['fmode'] = 0666; //set file creation mode -$conf['dmode'] = 0777; //set direction creation mode +#$conf['umask'] = 0002; //set the global umask +#$conf['fmode'] = 0666; //set file creation mode +#$conf['dmode'] = 0777; //set direction creation mode $conf['lang'] = 'en'; //your language $conf['basedir'] = ''; //absolute dir from serveroot - blank for autodetection @@ -67,8 +67,5 @@ //do the work act_dispatch($ACT); - //restore old umask - umask($conf['oldumask']); - // xdebug_dump_function_profile(1); ?> diff --git a/inc/common.php b/inc/common.php index ef36593ab..cef8a0ab0 100644 --- a/inc/common.php +++ b/inc/common.php @@ -810,7 +810,6 @@ function getRevisionInfo($id,$rev){ function saveWikiText($id,$text,$summary,$minor=false){ global $conf; global $lang; - umask($conf['umask']); // ignore if no changes were made if($text == rawWiki($id,'')){ return; @@ -857,7 +856,6 @@ function saveWikiText($id,$text,$summary,$minor=false){ */ function saveOldRevision($id){ global $conf; - umask($conf['umask']); $oldf = wikiFN($id); if(!@file_exists($oldf)) return ''; $date = filemtime($oldf); diff --git a/inc/init.php b/inc/init.php index a81ca2d10..855096bae 100644 --- a/inc/init.php +++ b/inc/init.php @@ -76,8 +76,35 @@ $conf['usegzip'] = 0; } - // remember original umask - $conf['oldumask'] = umask(); + // Legacy support for old umask/dmask scheme + if(isset($conf['dmask'])) { + unset($conf['dmask']); + unset($conf['fmask']); + unset($conf['umask']); + } + + // Set defaults for fmode, dmode and umask. + if(!isset($conf['fmode'])) { + $conf['fmode'] = 0666; + } + if(!isset($conf['dmode'])) { + $conf['dmode'] = 0777; + } + if(!isset($conf['umask'])) { + $conf['umask'] = umask(); + } + + // Precalculate the fmask and dmask, so we can set later. + if(($conf['umask'] != umask()) or ($conf['fmode'] != 0666)) { + $conf['fmask'] = $conf['fmode'] & ~$conf['umask']; + } + if(($conf['umask'] != umask()) or ($conf['dmode'] != 0666)) { + $conf['dmask'] = $conf['dmode'] & ~$conf['umask']; + } +# print "$name:".sprintf("dmask:%04o<br>\n",$conf['dmode'])."\n"; +# print "$name:".sprintf("umask:%04o<br>\n",$conf['umask'])."\n"; +# print "$name:".sprintf("dmask:%04o<br>\n",$conf['dmask'])."\n"; +# exit; // make real paths and check them init_paths(); @@ -118,12 +145,11 @@ function init_files(){ $conf['cachedir'].'/page.idx', $conf['cachedir'].'/index.idx', ); - umask($conf['umask']); foreach($files as $file){ if(!@file_exists($file)){ $fh = fopen($file,'a'); fclose($fh); - chmod($conf['fmode'], $file); + if(isset($conf['fmask'])) { chmod($file, $conf['fmask']); } } } } diff --git a/inc/io.php b/inc/io.php index 3e13124de..bf8bc903c 100644 --- a/inc/io.php +++ b/inc/io.php @@ -88,7 +88,7 @@ function io_saveFile($file,$content,$append=false){ fclose($fh); } - if(!$fileexists && $conf['fmode'] != 0666) { chmod($file, $conf['fmode']); } + if(!$fileexists and isset($conf['fmask'])) { chmod($file, $conf['fmask']); } io_unlock($file); return true; } @@ -178,7 +178,8 @@ function io_lock($file){ do { //waited longer than 3 seconds? -> stale lock if ((time() - $timeStart) > 3) break; - $locked = @mkdir($lockDir); + $locked = @mkdir($lockDir, $conf['dmode']); + if($locked and isset($conf['dmask'])) { chmod($lockDir, $conf['dmask']); } } while ($locked === false); } @@ -206,7 +207,6 @@ function io_makeFileDir($file){ global $conf; $dir = dirname($file); - umask($conf['umask']); if(!is_dir($dir)){ io_mkdir_p($dir) || msg("Creating directory $dir failed",-1); } @@ -229,7 +229,9 @@ function io_mkdir_p($target){ $dir = preg_replace('/^'.preg_quote(realpath($conf['ftp']['root']),'/').'/','', $target); return io_mkdir_ftp($dir); }else{ - return @mkdir($target,$conf['dmode']); // crawl back up & create dir tree + $ret = @mkdir($target,$conf['dmode']); // crawl back up & create dir tree + if($ret and isset($conf['dmask'])) { chmod($target, $conf['dmask']); } + return $ret; } } return 0; @@ -264,7 +266,7 @@ function io_mkdir_ftp($dir){ //create directory $ok = @ftp_mkdir($conn, $dir); //set permissions (using the directory umask and dmode) - @ftp_site($conn,sprintf("CHMOD %04o %s",($conf['dmode'] & ~$conf['umask']),$dir)); + @ftp_site($conn,sprintf("CHMOD %04o %s",$conf['dmask'],$dir)); @ftp_close($conn); return $ok; @@ -315,12 +317,11 @@ function io_download($url,$file,$useAttachment=false,$defaultName=''){ } $fileexists = file_exists($file); - umask($conf['umask']); $fp = @fopen($file,"w"); if(!$fp) return false; fwrite($fp,$data); fclose($fp); - if(!$fileexists && $conf['fmode'] != 0666) { chmod($file, $conf['fmode']); } + if(!$fileexists and isset($conf['fmask'])) { chmod($file, $conf['fmask']); } if ($useAttachment) return $name; return true; } @@ -335,7 +336,7 @@ function io_rename($from,$to){ global $conf; if(!@rename($from,$to)){ if(@copy($from,$to)){ - if($conf['fmode'] != 0666) { chmod($file, $conf['fmode']); } + if(isset($conf['fmask'])) { chmod($file, $conf['fmask']); } @unlink($from); return true; } @@ -363,5 +364,4 @@ function io_runcmd($cmd){ return $ret; } - //Setup VIM: ex: et ts=2 enc=utf-8 : diff --git a/lib/exe/detail.php b/lib/exe/detail.php index 0b6af379b..2907acfbf 100644 --- a/lib/exe/detail.php +++ b/lib/exe/detail.php @@ -55,7 +55,4 @@ header('Content-Type: text/html; charset=utf-8'); include(template('detail.php')); - //restore old umask - umask($conf['oldumask']); - ?> diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php index 19eea767f..8fe9e35d4 100644 --- a/lib/exe/indexer.php +++ b/lib/exe/indexer.php @@ -60,6 +60,7 @@ function runIndexer(){ return false; } } + if(isset($conf['dmask'])) { chmod($lock, $conf['dmask']); } require_once(DOKU_INC.'inc/indexer.php'); diff --git a/lib/exe/media.php b/lib/exe/media.php index 47af3c4d3..bbdf1814e 100644 --- a/lib/exe/media.php +++ b/lib/exe/media.php @@ -68,9 +68,6 @@ }else{ include(template('media.php')); } - - //restore old umask - umask($conf['oldumask']); /**********************************************/ @@ -116,9 +113,7 @@ function media_upload($NS,$AUTH){ $types = array_map(create_function('$q','return preg_quote($q,"/");'),$types); $regex = join('|',$types); - // we set the umask here but this doesn't really help // because a temp file was created already - umask($conf['umask']); if(preg_match('/\.('.$regex.')$/i',$fn)){ //check for overwrite if(@file_exists($fn) && (!$_POST['ow'] || $AUTH < AUTH_DELETE)){ @@ -129,7 +124,7 @@ function media_upload($NS,$AUTH){ io_makeFileDir($fn); if(move_uploaded_file($file['tmp_name'], $fn)) { // set the correct permission here - chmod($fn, $conf['fmode'] & ~$conf['umask']); + if(isset($conf['fmask'])) { chmod($fn, $conf['fmask']); } msg($lang['uploadsucc'],1); return true; }else{ diff --git a/lib/plugins/plugin/admin.php b/lib/plugins/plugin/admin.php index 7715d10ff..92df52b61 100644 --- a/lib/plugins/plugin/admin.php +++ b/lib/plugins/plugin/admin.php @@ -587,7 +587,6 @@ class ap_manage { function ap_mkdir($d) { global $conf; - umask($conf['umask']); $ok = io_mkdir_p($d); return $ok; } |