summaryrefslogtreecommitdiff
path: root/web
diff options
context:
space:
mode:
authorLoui Chang <louipc.ist@gmail.com>2008-11-09 22:35:00 -0500
committerLoui Chang <louipc.ist@gmail.com>2008-11-13 15:19:26 -0500
commitf12b11abc70b03fa75faf211a6311acb1cc1b32d (patch)
tree7c43e9a46d0a560d1bd6f550c105b8179543fc05 /web
parent2ac75bd81278a6a51d3eef56e9088c198a887a6d (diff)
Give group writable permissions to uploaded files.
Add a new function chown_group to recursively change permissions. Tweak some of the coding style. Replace some of the redundant string concatenation with a variable. Thanks to Dan McGee for chmod_group. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Diffstat (limited to 'web')
-rw-r--r--web/html/pkgsubmit.php36
-rw-r--r--web/lib/aur.inc28
2 files changed, 47 insertions, 17 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index c38e224..4446648 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -30,12 +30,10 @@ if ($_COOKIE["AURSID"]):
if (!$error) {
if (!@mkdir($tempdir)) {
- $error = __("Could not create incoming directory: %s.",
- array($tempdir));
+ $error = __("Could not create incoming directory: %s.", $tempdir);
} else {
if (!@chdir($tempdir)) {
- $error = __("Could not change directory to %s.",
- array($tempdir));
+ $error = __("Could not change directory to %s.", $tempdir);
} else {
if ($_FILES['pfile']['name'] == "PKGBUILD") {
move_uploaded_file($_FILES['pfile']['tmp_name'], $tempdir . "/PKGBUILD");
@@ -205,32 +203,31 @@ if ($_COOKIE["AURSID"]):
}
}
+ $incoming_pkgdir = INCOMING_DIR . $pkg_name;
+
if (!$error) {
# First, see if this package already exists, and if it can be overwritten
$pkg_exists = package_exists($pkg_name);
if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
- if (file_exists(INCOMING_DIR . $pkg_name)) {
+ if (file_exists($incoming_pkgdir)) {
# Blow away the existing file/dir and contents
- rm_rf(INCOMING_DIR . $pkg_name);
+ rm_rf($incoming_pkgdir);
}
- if (!@mkdir(INCOMING_DIR . $pkg_name)) {
- $error = __( "Could not create directory %s.",
- INCOMING_DIR . $pkg_name);
+ if (!@mkdir($incoming_pkgdir)) {
+ $error = __( "Could not create directory %s.", $incoming_pkgdir);
}
- rename($pkg_dir, INCOMING_DIR . $pkg_name . "/" . $pkg_name);
+ rename($pkg_dir, $incoming_pkgdir . "/" . $pkg_name);
} else {
- $error = __( "You are not allowed to overwrite the %h%s%h package.",
- "<b>", $pkg_name, "</b>");
+ $error = __( "You are not allowed to overwrite the %h%s%h package.", "<b>", $pkg_name, "</b>");
}
}
# Re-tar the package for consistency's sake
if (!$error) {
- if (!@chdir(INCOMING_DIR . $pkg_name)) {
- $error = __("Could not change directory to %s.",
- array(INCOMING_DIR . $pkg_name));
+ if (!@chdir($incoming_pkgdir)) {
+ $error = __("Could not change directory to %s.", $incoming_pkgdir);
}
}
@@ -243,6 +240,11 @@ if ($_COOKIE["AURSID"]):
}
}
+ # Chmod files after everything has been done.
+ if (!chmod_group($incoming_pkgdir)) {
+ $error = __("Could not chmod directory %s.", $incoming_pkgdir);
+ }
+
# Whether it failed or not we can clean this out
if (file_exists($tempdir)) {
rm_rf($tempdir);
@@ -296,7 +298,7 @@ if ($_COOKIE["AURSID"]):
mysql_real_escape_string($new_pkgbuild['license']),
mysql_real_escape_string($new_pkgbuild['pkgdesc']),
mysql_real_escape_string($new_pkgbuild['url']),
- mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
+ mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
$pdata["ID"]);
@@ -342,7 +344,7 @@ if ($_COOKIE["AURSID"]):
mysql_real_escape_string($new_pkgbuild['url']),
uid_from_sid($_COOKIE["AURSID"]),
uid_from_sid($_COOKIE["AURSID"]),
- mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
+ mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"));
$result = db_query($q, $dbh);
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index a126bb9..d08ff0c 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -381,6 +381,34 @@ function rm_rf($dirname="") {
return;
}
+# Recursive chmod to set group write permissions
+#
+function chmod_group($path) {
+ if (!is_dir($path))
+ return chmod($path, 0664);
+
+ $d = dir($path);
+ while ($f = $d->read()) {
+ if ($f != '.' && $f != '..') {
+ $fullpath = $path.'/'.$f;
+ if (is_link($fullpath))
+ continue;
+ elseif (!is_dir($fullpath)) {
+ if (!chmod($fullpath, 0664))
+ return FALSE;
+ }
+ elseif(!chmod_group($fullpath))
+ return FALSE;
+ }
+ }
+ $d->close();
+
+ if(chmod($path, 0775))
+ return TRUE;
+ else
+ return FALSE;
+}
+
# obtain the uid given a Users.Username
#
function uid_from_username($username="")