mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
Give group writable permissions to uploaded files.
Add a new function chown_group to recursively change permissions. Tweak some of the coding style. Replace some of the redundant string concatenation with a variable. Thanks to Dan McGee for chmod_group. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
This commit is contained in:
Loui Chang
parent
2ac75bd812
commit
f12b11abc7
2 changed files with 47 additions and 17 deletions
|
|
@ -30,12 +30,10 @@ if ($_COOKIE["AURSID"]):
|
|||
|
||||
if (!$error) {
|
||||
if (!@mkdir($tempdir)) {
|
||||
$error = __("Could not create incoming directory: %s.",
|
||||
array($tempdir));
|
||||
$error = __("Could not create incoming directory: %s.", $tempdir);
|
||||
} else {
|
||||
if (!@chdir($tempdir)) {
|
||||
$error = __("Could not change directory to %s.",
|
||||
array($tempdir));
|
||||
$error = __("Could not change directory to %s.", $tempdir);
|
||||
} else {
|
||||
if ($_FILES['pfile']['name'] == "PKGBUILD") {
|
||||
move_uploaded_file($_FILES['pfile']['tmp_name'], $tempdir . "/PKGBUILD");
|
||||
|
|
@ -205,32 +203,31 @@ if ($_COOKIE["AURSID"]):
|
|||
}
|
||||
}
|
||||
|
||||
$incoming_pkgdir = INCOMING_DIR . $pkg_name;
|
||||
|
||||
if (!$error) {
|
||||
# First, see if this package already exists, and if it can be overwritten
|
||||
$pkg_exists = package_exists($pkg_name);
|
||||
if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
|
||||
if (file_exists(INCOMING_DIR . $pkg_name)) {
|
||||
if (file_exists($incoming_pkgdir)) {
|
||||
# Blow away the existing file/dir and contents
|
||||
rm_rf(INCOMING_DIR . $pkg_name);
|
||||
rm_rf($incoming_pkgdir);
|
||||
}
|
||||
|
||||
if (!@mkdir(INCOMING_DIR . $pkg_name)) {
|
||||
$error = __( "Could not create directory %s.",
|
||||
INCOMING_DIR . $pkg_name);
|
||||
if (!@mkdir($incoming_pkgdir)) {
|
||||
$error = __( "Could not create directory %s.", $incoming_pkgdir);
|
||||
}
|
||||
|
||||
rename($pkg_dir, INCOMING_DIR . $pkg_name . "/" . $pkg_name);
|
||||
rename($pkg_dir, $incoming_pkgdir . "/" . $pkg_name);
|
||||
} else {
|
||||
$error = __( "You are not allowed to overwrite the %h%s%h package.",
|
||||
"<b>", $pkg_name, "</b>");
|
||||
$error = __( "You are not allowed to overwrite the %h%s%h package.", "<b>", $pkg_name, "</b>");
|
||||
}
|
||||
}
|
||||
|
||||
# Re-tar the package for consistency's sake
|
||||
if (!$error) {
|
||||
if (!@chdir(INCOMING_DIR . $pkg_name)) {
|
||||
$error = __("Could not change directory to %s.",
|
||||
array(INCOMING_DIR . $pkg_name));
|
||||
if (!@chdir($incoming_pkgdir)) {
|
||||
$error = __("Could not change directory to %s.", $incoming_pkgdir);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -243,6 +240,11 @@ if ($_COOKIE["AURSID"]):
|
|||
}
|
||||
}
|
||||
|
||||
# Chmod files after everything has been done.
|
||||
if (!chmod_group($incoming_pkgdir)) {
|
||||
$error = __("Could not chmod directory %s.", $incoming_pkgdir);
|
||||
}
|
||||
|
||||
# Whether it failed or not we can clean this out
|
||||
if (file_exists($tempdir)) {
|
||||
rm_rf($tempdir);
|
||||
|
|
@ -296,7 +298,7 @@ if ($_COOKIE["AURSID"]):
|
|||
mysql_real_escape_string($new_pkgbuild['license']),
|
||||
mysql_real_escape_string($new_pkgbuild['pkgdesc']),
|
||||
mysql_real_escape_string($new_pkgbuild['url']),
|
||||
mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
|
||||
mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
|
||||
mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
|
||||
$pdata["ID"]);
|
||||
|
||||
|
|
@ -342,7 +344,7 @@ if ($_COOKIE["AURSID"]):
|
|||
mysql_real_escape_string($new_pkgbuild['url']),
|
||||
uid_from_sid($_COOKIE["AURSID"]),
|
||||
uid_from_sid($_COOKIE["AURSID"]),
|
||||
mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
|
||||
mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
|
||||
mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"));
|
||||
|
||||
$result = db_query($q, $dbh);
|
||||
|
|
|
|||
|
|
@ -381,6 +381,34 @@ function rm_rf($dirname="") {
|
|||
return;
|
||||
}
|
||||
|
||||
# Recursive chmod to set group write permissions
|
||||
#
|
||||
function chmod_group($path) {
|
||||
if (!is_dir($path))
|
||||
return chmod($path, 0664);
|
||||
|
||||
$d = dir($path);
|
||||
while ($f = $d->read()) {
|
||||
if ($f != '.' && $f != '..') {
|
||||
$fullpath = $path.'/'.$f;
|
||||
if (is_link($fullpath))
|
||||
continue;
|
||||
elseif (!is_dir($fullpath)) {
|
||||
if (!chmod($fullpath, 0664))
|
||||
return FALSE;
|
||||
}
|
||||
elseif(!chmod_group($fullpath))
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
$d->close();
|
||||
|
||||
if(chmod($path, 0775))
|
||||
return TRUE;
|
||||
else
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
# obtain the uid given a Users.Username
|
||||
#
|
||||
function uid_from_username($username="")
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue