From 459657415189f4fe3f8d4eb05b209ab78409f9b0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 20:40:11 +0300 Subject: Fix #2963 Changed all file permissions settings throught the framework and the documentation. Also added configuration settings for CI_Log and CI_Image_lib --- system/core/Log.php | 30 +++++++++++++++++++-------- system/core/Output.php | 2 +- system/database/DB_cache.php | 11 +++------- system/libraries/Cache/drivers/Cache_file.php | 2 +- system/libraries/Image_lib.php | 23 +++++++++++--------- 5 files changed, 39 insertions(+), 29 deletions(-) (limited to 'system') diff --git a/system/core/Log.php b/system/core/Log.php index a949c3f39..57505b526 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -44,33 +44,40 @@ class CI_Log { */ protected $_log_path; + /** + * File permissions + * + * @var int + */ + protected $_file_permissions = 0644; + /** * Level of logging * * @var int */ - protected $_threshold = 1; + protected $_threshold = 1; /** * Highest level of logging * * @var int */ - protected $_threshold_max = 0; + protected $_threshold_max = 0; /** * Array of threshold levels to log * * @var array */ - protected $_threshold_array = array(); + protected $_threshold_array = array(); /** * Format of timestamp for log files * * @var string */ - protected $_date_fmt = 'Y-m-d H:i:s'; + protected $_date_fmt = 'Y-m-d H:i:s'; /** * Filename extension @@ -84,14 +91,14 @@ class CI_Log { * * @var bool */ - protected $_enabled = TRUE; + protected $_enabled = TRUE; /** * Predefined logging levels * * @var array */ - protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4); + protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4); // -------------------------------------------------------------------- @@ -108,7 +115,7 @@ class CI_Log { $this->_file_ext = (isset($config['log_file_extension']) && $config['log_file_extension'] !== '') ? ltrim($config['log_file_extension'], '.') : 'php'; - file_exists($this->_log_path) OR mkdir($this->_log_path, 0777, TRUE); + file_exists($this->_log_path) OR mkdir($this->_log_path, 0755, TRUE); if ( ! is_dir($this->_log_path) OR ! is_really_writable($this->_log_path)) { @@ -125,10 +132,15 @@ class CI_Log { $this->_threshold_array = array_flip($config['log_threshold']); } - if ($config['log_date_format'] !== '') + if ( ! empty($config['log_date_format'])) { $this->_date_fmt = $config['log_date_format']; } + + if (is_int($config['log_file_permissions'])) + { + $this->_file_permissions = $config['log_file_permissions']; + } } // -------------------------------------------------------------------- @@ -192,7 +204,7 @@ class CI_Log { if (isset($newfile) && $newfile === TRUE) { - @chmod($filepath, 0666); + chmod($filepath, $this->_file_permissions); } return is_int($result); diff --git a/system/core/Output.php b/system/core/Output.php index 238d223e2..de07125ad 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -606,7 +606,7 @@ class CI_Output { if (is_int($result)) { - @chmod($cache_path, 0666); + chmod($cache_path, 0640); log_message('debug', 'Cache file written: '.$cache_path); // Send HTTP cache-control headers to browser to match file cache settings. diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php index b855ff24e..2efb42c5c 100644 --- a/system/database/DB_cache.php +++ b/system/database/DB_cache.php @@ -156,14 +156,9 @@ class CI_DB_Cache { $dir_path = $this->db->cachedir.$segment_one.'+'.$segment_two.'/'; $filename = md5($sql); - if ( ! is_dir($dir_path)) + if ( ! is_dir($dir_path) && ! @mkdir($dir_path, 0750)) { - if ( ! @mkdir($dir_path, 0777)) - { - return FALSE; - } - - @chmod($dir_path, 0777); + return FALSE; } if (write_file($dir_path.$filename, serialize($object)) === FALSE) @@ -171,7 +166,7 @@ class CI_DB_Cache { return FALSE; } - @chmod($dir_path.$filename, 0666); + chmod($dir_path.$filename, 0640); return TRUE; } diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index aa2e8fa38..29898040a 100644 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php @@ -92,7 +92,7 @@ class CI_Cache_file extends CI_Driver { if (write_file($this->_cache_path.$id, serialize($contents))) { - @chmod($this->_cache_path.$id, 0660); + chmod($this->_cache_path.$id, 0640); return TRUE; } diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index f1339b57a..39753705b 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -326,6 +326,13 @@ class CI_Image_lib { */ public $full_dst_path = ''; + /** + * File permissions + * + * @var int + */ + public $file_permissions = 0644; + /** * Name of function to create image * @@ -734,7 +741,7 @@ class CI_Image_lib { { if ($this->source_image !== $this->new_image && @copy($this->full_src_path, $this->full_dst_path)) { - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); } return TRUE; @@ -810,8 +817,7 @@ class CI_Image_lib { imagedestroy($dst_img); imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -880,8 +886,7 @@ class CI_Image_lib { return FALSE; } - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -969,7 +974,7 @@ class CI_Image_lib { // we have to rename the temp file. copy($this->dest_folder.'netpbm.tmp', $this->full_dst_path); unlink($this->dest_folder.'netpbm.tmp'); - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -1013,8 +1018,7 @@ class CI_Image_lib { imagedestroy($dst_img); imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -1086,8 +1090,7 @@ class CI_Image_lib { // Kill the file handles imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } -- cgit v1.2.3-24-g4f1b