Give group writable permissions to uploaded files.

Add a new function chown_group to recursively change permissions. Tweak some of the coding style. Replace some of the redundant string concatenation with a variable. Thanks to Dan McGee for chmod_group. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2025-02-03 09:43:03 +00:00 · 2008-11-09 22:35:00 -05:00 · 2008-11-09 22:35:00 -05:00 · f12b11abc7
commit f12b11abc7
parent 2ac75bd812
2 changed files with 47 additions and 17 deletions
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@ -30,12 +30,10 @@ if ($_COOKIE["AURSID"]):

 		if (!$error) {
 			if (!@mkdir($tempdir)) {
-				$error = __("Could not create incoming directory: %s.",
-					array($tempdir));
+				$error = __("Could not create incoming directory: %s.", $tempdir);
 			} else {
 				if (!@chdir($tempdir)) {
-					$error = __("Could not change directory to %s.",
-						array($tempdir));
+					$error = __("Could not change directory to %s.", $tempdir);
 				} else {
 					if ($_FILES['pfile']['name'] == "PKGBUILD") {
 						move_uploaded_file($_FILES['pfile']['tmp_name'], $tempdir . "/PKGBUILD");
@ -205,32 +203,31 @@ if ($_COOKIE["AURSID"]):
 			}
 		}

+		$incoming_pkgdir = INCOMING_DIR . $pkg_name;
+
 		if (!$error) {
 			# First, see if this package already exists, and if it can be overwritten
 			$pkg_exists = package_exists($pkg_name);
 			if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
-				if (file_exists(INCOMING_DIR . $pkg_name)) {
+				if (file_exists($incoming_pkgdir)) {
 					# Blow away the existing file/dir and contents
-					rm_rf(INCOMING_DIR . $pkg_name);
+					rm_rf($incoming_pkgdir);
 				}

-				if (!@mkdir(INCOMING_DIR . $pkg_name)) {
-					$error = __( "Could not create directory %s.",
-						INCOMING_DIR . $pkg_name);
+				if (!@mkdir($incoming_pkgdir)) {
+					$error = __( "Could not create directory %s.", $incoming_pkgdir);
 				}

-				rename($pkg_dir, INCOMING_DIR . $pkg_name . "/" . $pkg_name);
+				rename($pkg_dir, $incoming_pkgdir . "/" . $pkg_name);
 			} else {
-				$error = __( "You are not allowed to overwrite the %h%s%h package.",
-					"<b>", $pkg_name, "</b>");
+				$error = __( "You are not allowed to overwrite the %h%s%h package.", "<b>", $pkg_name, "</b>");
 			}
 		}

 		# Re-tar the package for consistency's sake
 		if (!$error) {
-			if (!@chdir(INCOMING_DIR . $pkg_name)) {
-				$error = __("Could not change directory to %s.",
-					array(INCOMING_DIR . $pkg_name));
+			if (!@chdir($incoming_pkgdir)) {
+				$error = __("Could not change directory to %s.", $incoming_pkgdir);
 			}
 		}

@ -243,6 +240,11 @@ if ($_COOKIE["AURSID"]):
 			}
 		}

+		# Chmod files after everything has been done.
+		if (!chmod_group($incoming_pkgdir)) {
+			$error = __("Could not chmod directory %s.", $incoming_pkgdir);
+		}
+
 		# Whether it failed or not we can clean this out
 		if (file_exists($tempdir)) {
 			rm_rf($tempdir);
@ -296,7 +298,7 @@ if ($_COOKIE["AURSID"]):
 					mysql_real_escape_string($new_pkgbuild['license']),
 					mysql_real_escape_string($new_pkgbuild['pkgdesc']),
 					mysql_real_escape_string($new_pkgbuild['url']),
-					mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
+					mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
 					mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
 					$pdata["ID"]);

@ -342,7 +344,7 @@ if ($_COOKIE["AURSID"]):
 					mysql_real_escape_string($new_pkgbuild['url']),
 					uid_from_sid($_COOKIE["AURSID"]),
 					uid_from_sid($_COOKIE["AURSID"]),
-					mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
+					mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
 					mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"));

 				$result = db_query($q, $dbh);