From 459657415189f4fe3f8d4eb05b209ab78409f9b0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 20:40:11 +0300 Subject: Fix #2963 Changed all file permissions settings throught the framework and the documentation. Also added configuration settings for CI_Log and CI_Image_lib --- application/config/config.php | 12 ++++++++++ application/config/constants.php | 2 +- system/core/Log.php | 30 +++++++++++++++++------- system/core/Output.php | 2 +- system/database/DB_cache.php | 11 +++------ system/libraries/Cache/drivers/Cache_file.php | 2 +- system/libraries/Image_lib.php | 23 ++++++++++-------- user_guide_src/source/changelog.rst | 7 +++++- user_guide_src/source/helpers/captcha_helper.rst | 2 +- user_guide_src/source/helpers/file_helper.rst | 4 ++-- user_guide_src/source/libraries/ftp.rst | 6 ++--- user_guide_src/source/libraries/image_lib.rst | 2 ++ user_guide_src/source/libraries/zip.rst | 2 +- 13 files changed, 67 insertions(+), 38 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index b6b3c9fdf..e8d30b625 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -262,6 +262,18 @@ $config['log_path'] = ''; */ $config['log_file_extension'] = ''; +/* +|-------------------------------------------------------------------------- +| Log File Permissions +|-------------------------------------------------------------------------- +| +| The file system permissions to be applied on newly created log files. +| +| IMPORTANT: This MUST be an integer (no quotes) and you MUST use octal +| integer notation (i.e. 0700, 0644, etc.) +*/ +$config['log_file_permissions'] = 0644; + /* |-------------------------------------------------------------------------- | Date Format for Logs diff --git a/application/config/constants.php b/application/config/constants.php index 239fd46fb..c19f044ab 100644 --- a/application/config/constants.php +++ b/application/config/constants.php @@ -42,7 +42,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); define('FILE_READ_MODE', 0644); define('FILE_WRITE_MODE', 0666); define('DIR_READ_MODE', 0755); -define('DIR_WRITE_MODE', 0777); +define('DIR_WRITE_MODE', 0755); /* |-------------------------------------------------------------------------- diff --git a/system/core/Log.php b/system/core/Log.php index a949c3f39..57505b526 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -44,33 +44,40 @@ class CI_Log { */ protected $_log_path; + /** + * File permissions + * + * @var int + */ + protected $_file_permissions = 0644; + /** * Level of logging * * @var int */ - protected $_threshold = 1; + protected $_threshold = 1; /** * Highest level of logging * * @var int */ - protected $_threshold_max = 0; + protected $_threshold_max = 0; /** * Array of threshold levels to log * * @var array */ - protected $_threshold_array = array(); + protected $_threshold_array = array(); /** * Format of timestamp for log files * * @var string */ - protected $_date_fmt = 'Y-m-d H:i:s'; + protected $_date_fmt = 'Y-m-d H:i:s'; /** * Filename extension @@ -84,14 +91,14 @@ class CI_Log { * * @var bool */ - protected $_enabled = TRUE; + protected $_enabled = TRUE; /** * Predefined logging levels * * @var array */ - protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4); + protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4); // -------------------------------------------------------------------- @@ -108,7 +115,7 @@ class CI_Log { $this->_file_ext = (isset($config['log_file_extension']) && $config['log_file_extension'] !== '') ? ltrim($config['log_file_extension'], '.') : 'php'; - file_exists($this->_log_path) OR mkdir($this->_log_path, 0777, TRUE); + file_exists($this->_log_path) OR mkdir($this->_log_path, 0755, TRUE); if ( ! is_dir($this->_log_path) OR ! is_really_writable($this->_log_path)) { @@ -125,10 +132,15 @@ class CI_Log { $this->_threshold_array = array_flip($config['log_threshold']); } - if ($config['log_date_format'] !== '') + if ( ! empty($config['log_date_format'])) { $this->_date_fmt = $config['log_date_format']; } + + if (is_int($config['log_file_permissions'])) + { + $this->_file_permissions = $config['log_file_permissions']; + } } // -------------------------------------------------------------------- @@ -192,7 +204,7 @@ class CI_Log { if (isset($newfile) && $newfile === TRUE) { - @chmod($filepath, 0666); + chmod($filepath, $this->_file_permissions); } return is_int($result); diff --git a/system/core/Output.php b/system/core/Output.php index 238d223e2..de07125ad 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -606,7 +606,7 @@ class CI_Output { if (is_int($result)) { - @chmod($cache_path, 0666); + chmod($cache_path, 0640); log_message('debug', 'Cache file written: '.$cache_path); // Send HTTP cache-control headers to browser to match file cache settings. diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php index b855ff24e..2efb42c5c 100644 --- a/system/database/DB_cache.php +++ b/system/database/DB_cache.php @@ -156,14 +156,9 @@ class CI_DB_Cache { $dir_path = $this->db->cachedir.$segment_one.'+'.$segment_two.'/'; $filename = md5($sql); - if ( ! is_dir($dir_path)) + if ( ! is_dir($dir_path) && ! @mkdir($dir_path, 0750)) { - if ( ! @mkdir($dir_path, 0777)) - { - return FALSE; - } - - @chmod($dir_path, 0777); + return FALSE; } if (write_file($dir_path.$filename, serialize($object)) === FALSE) @@ -171,7 +166,7 @@ class CI_DB_Cache { return FALSE; } - @chmod($dir_path.$filename, 0666); + chmod($dir_path.$filename, 0640); return TRUE; } diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index aa2e8fa38..29898040a 100644 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php @@ -92,7 +92,7 @@ class CI_Cache_file extends CI_Driver { if (write_file($this->_cache_path.$id, serialize($contents))) { - @chmod($this->_cache_path.$id, 0660); + chmod($this->_cache_path.$id, 0640); return TRUE; } diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index f1339b57a..39753705b 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -326,6 +326,13 @@ class CI_Image_lib { */ public $full_dst_path = ''; + /** + * File permissions + * + * @var int + */ + public $file_permissions = 0644; + /** * Name of function to create image * @@ -734,7 +741,7 @@ class CI_Image_lib { { if ($this->source_image !== $this->new_image && @copy($this->full_src_path, $this->full_dst_path)) { - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); } return TRUE; @@ -810,8 +817,7 @@ class CI_Image_lib { imagedestroy($dst_img); imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -880,8 +886,7 @@ class CI_Image_lib { return FALSE; } - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -969,7 +974,7 @@ class CI_Image_lib { // we have to rename the temp file. copy($this->dest_folder.'netpbm.tmp', $this->full_dst_path); unlink($this->dest_folder.'netpbm.tmp'); - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -1013,8 +1018,7 @@ class CI_Image_lib { imagedestroy($dst_img); imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -1086,8 +1090,7 @@ class CI_Image_lib { // Kill the file handles imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 64a768977..bcee73a92 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -333,6 +333,7 @@ Release Date: Not Released - If property *maintain_ratio* is set to TRUE, ``image_reproportion()`` now doesn't need both width and height to be specified. - Property *maintain_ratio* is now taken into account when resizing images using ImageMagick library. - Added support for maintaining transparency for PNG images in method ``text_watermark()``. + - Added a **file_permissions** setting. - :doc:`Form Validation Library ` changes include: @@ -533,6 +534,11 @@ Release Date: Not Released - Changed method ``clean_string()`` to utilize ``mb_convert_encoding()`` if it is available. - Renamed method ``_is_ascii()`` to ``is_ascii()`` and made it public. + - Log Library changes include: + + - Added a ``$config['log_file_permissions']`` setting. + - Changed the library constructor to try to create the **log_path** directory if it doesn't exist. + - Added `compatibility layers ` for: - `Multibyte String `_ (limited support). @@ -541,7 +547,6 @@ Release Date: Not Released - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hex2bin()``, ``quoted_printable_encode()``. - Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions). - - Log Library will now try to create the **log_path** directory if it doesn't exist. - Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE). - ``$config['time_reference']`` now supports all timezone strings supported by PHP. - Fatal PHP errors are now also passed to ``_exception_handler()``, so they can be logged. diff --git a/user_guide_src/source/helpers/captcha_helper.rst b/user_guide_src/source/helpers/captcha_helper.rst index d83490b8e..1b74d08ad 100644 --- a/user_guide_src/source/helpers/captcha_helper.rst +++ b/user_guide_src/source/helpers/captcha_helper.rst @@ -54,7 +54,7 @@ Once loaded you can generate a CAPTCHA like this:: can draw randomly from. - If you do not specify a path to a TRUE TYPE font, the native ugly GD font will be used. -- The "captcha" folder must be writable (666, or 777) +- The "captcha" directory must be writable - The **expiration** (in seconds) signifies how long an image will remain in the captcha folder before it will be deleted. The default is two hours. diff --git a/user_guide_src/source/helpers/file_helper.rst b/user_guide_src/source/helpers/file_helper.rst index 59cabcce2..013b583a0 100644 --- a/user_guide_src/source/helpers/file_helper.rst +++ b/user_guide_src/source/helpers/file_helper.rst @@ -80,8 +80,8 @@ The following functions are available: for mode options. .. note: In order for this function to write data to a file, its permissions must - be set such that it is writable (666, 777, etc.). If the file does not - already exist, the directory containing it must be writable. + be set such that it is writable. If the file does not already exist, + then the directory containing it must be writable. .. note:: The path is relative to your main site index.php file, NOT your controller or view files. CodeIgniter uses a front controller so paths diff --git a/user_guide_src/source/libraries/ftp.rst b/user_guide_src/source/libraries/ftp.rst index dd9440443..4be1a6ea4 100644 --- a/user_guide_src/source/libraries/ftp.rst +++ b/user_guide_src/source/libraries/ftp.rst @@ -270,7 +270,7 @@ Class Reference :: // Creates a folder named "bar" - $this->ftp->mkdir('/public_html/foo/bar/', DIR_WRITE_MODE); + $this->ftp->mkdir('/public_html/foo/bar/', 0755); .. method:: chmod($path, $perm) @@ -282,8 +282,8 @@ Class Reference Permits you to set file permissions. Supply the path to the file or directory you wish to alter permissions on:: - // Chmod "bar" to 777 - $this->ftp->chmod('/public_html/foo/bar/', DIR_WRITE_MODE); + // Chmod "bar" to 755 + $this->ftp->chmod('/public_html/foo/bar/', 0755); .. method:: changedir($path[, $suppress_debug = FALSE]) diff --git a/user_guide_src/source/libraries/image_lib.rst b/user_guide_src/source/libraries/image_lib.rst index 16acf090b..a52cf3e02 100644 --- a/user_guide_src/source/libraries/image_lib.rst +++ b/user_guide_src/source/libraries/image_lib.rst @@ -137,6 +137,8 @@ Preference Default Value Options image can be shown at a time, and it can't be positioned on the page. It simply outputs the raw image dynamically to your browser, along with image headers. +**file_permissions** 0644 (integer) File system permissions to apply on the resulting image file, R, C, X, W + writing it to the disk. WARNING: Use octal integer notation! **quality** 90% 1 - 100% Sets the quality of the image. The higher the quality the larger the R, C, X, W file size. **new_image** None None Sets the destination image name/path. You'll use this preference when R, C, X, W diff --git a/user_guide_src/source/libraries/zip.rst b/user_guide_src/source/libraries/zip.rst index 5ff7d07d6..4ca14086a 100644 --- a/user_guide_src/source/libraries/zip.rst +++ b/user_guide_src/source/libraries/zip.rst @@ -173,7 +173,7 @@ Class Reference :rtype: bool Writes the Zip-encoded file to a directory on your server. Submit a valid server path ending in the file name. - Make sure the directory is writable (660 or 666 is usually OK). Example:: + Make sure the directory is writable (755 is usually OK). Example:: $this->zip->archive('/path/to/folder/myarchive.zip'); // Creates a file named myarchive.zip -- cgit v1.2.3-24-g4f1b