Don't use sys_get_temp_dir(), as it reports the wrong path in restricted environments
This commit is contained in:
Hendrik Langer
parent
da8d32ae38
commit
466b41c36b
|
|
@ -25,7 +25,7 @@ OC_Util::checkAppEnabled('admin_export');
|
||||||
if (isset($_POST['admin_export'])) {
|
if (isset($_POST['admin_export'])) {
|
||||||
$root = OC::$SERVERROOT . "/";
|
$root = OC::$SERVERROOT . "/";
|
||||||
$zip = new ZipArchive();
|
$zip = new ZipArchive();
|
||||||
$filename = sys_get_temp_dir() . "/owncloud_export_" . date("y-m-d_H-i-s") . ".zip";
|
$filename = get_temp_dir() . "/owncloud_export_" . date("y-m-d_H-i-s") . ".zip";
|
||||||
OC_Log::write('admin_export',"Creating export file at: " . $filename,OC_Log::INFO);
|
OC_Log::write('admin_export',"Creating export file at: " . $filename,OC_Log::INFO);
|
||||||
if ($zip->open($filename, ZIPARCHIVE::CREATE) !== TRUE) {
|
if ($zip->open($filename, ZIPARCHIVE::CREATE) !== TRUE) {
|
||||||
exit("Cannot open <$filename>\n");
|
exit("Cannot open <$filename>\n");
|
||||||
|
|
|
||||||
|
|
@ -603,7 +603,7 @@ function test_mode () {
|
||||||
$res['gmp'] = 'pass - n/a';
|
$res['gmp'] = 'pass - n/a';
|
||||||
}
|
}
|
||||||
|
|
||||||
// sys_get_temp_dir
|
// get_temp_dir
|
||||||
$res['logfile'] = is_writable($profile['logfile'])
|
$res['logfile'] = is_writable($profile['logfile'])
|
||||||
? 'pass' : "warn - log is not writable";
|
? 'pass' : "warn - log is not writable";
|
||||||
|
|
||||||
|
|
@ -1374,30 +1374,38 @@ function str_diff_at ($a, $b) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (! function_exists('sys_get_temp_dir') && ini_get('open_basedir') == false) {
|
if (! function_exists('get_temp_dir')) {
|
||||||
/**
|
/**
|
||||||
* Create function if missing
|
* Create function if missing
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
function sys_get_temp_dir () {
|
if (ini_get('open_basedir') == false) {
|
||||||
$keys = array('TMP', 'TMPDIR', 'TEMP');
|
function get_temp_dir () {
|
||||||
foreach ($keys as $key) {
|
$keys = array('TMP', 'TMPDIR', 'TEMP');
|
||||||
if (isset($_ENV[$key]) && is_dir($_ENV[$key]) && is_writable($_ENV[$key]))
|
foreach ($keys as $key) {
|
||||||
return realpath($_ENV[$key]);
|
if (isset($_ENV[$key]) && is_dir($_ENV[$key]) && is_writable($_ENV[$key]))
|
||||||
}
|
return realpath($_ENV[$key]);
|
||||||
|
}
|
||||||
|
|
||||||
$tmp = tempnam(false, null);
|
$tmp = tempnam(false, null);
|
||||||
if (file_exists($tmp)) {
|
if (file_exists($tmp)) {
|
||||||
$dir = realpath(dirname($tmp));
|
$dir = realpath(dirname($tmp));
|
||||||
unlink($tmp);
|
unlink($tmp);
|
||||||
return realpath($dir);
|
return realpath($dir);
|
||||||
}
|
}
|
||||||
|
|
||||||
return realpath(dirname(__FILE__));
|
return realpath(dirname(__FILE__));
|
||||||
}} elseif (! function_exists('sys_get_temp_dir')) {
|
}
|
||||||
function sys_get_temp_dir () {
|
}
|
||||||
return realpath(dirname(__FILE__));
|
else {
|
||||||
}}
|
function get_temp_dir () {
|
||||||
|
if (isset(ini_get('upload_tmp_dir')) && is_dir(ini_get('upload_tmp_dir')) && is_writable(ini_get('upload_tmp_dir')))
|
||||||
|
return ini_get('upload_tmp_dir');
|
||||||
|
else
|
||||||
|
return realpath(dirname(__FILE__));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -1694,7 +1702,7 @@ if (! array_key_exists('lifetime', $profile)) {
|
||||||
|
|
||||||
// Set a default log file
|
// Set a default log file
|
||||||
if (! array_key_exists('logfile', $profile))
|
if (! array_key_exists('logfile', $profile))
|
||||||
$profile['logfile'] = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $profile['auth_realm'] . '.debug.log';
|
$profile['logfile'] = get_temp_dir() . DIRECTORY_SEPARATOR . $profile['auth_realm'] . '.debug.log';
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
25
lib/base.php
25
lib/base.php
|
|
@ -186,18 +186,19 @@ if( !isset( $RUNTIME_NOAPPS )){
|
||||||
|
|
||||||
OC::init();
|
OC::init();
|
||||||
|
|
||||||
if(!function_exists('sys_get_temp_dir')) {
|
if(!function_exists('get_temp_dir')) {
|
||||||
function sys_get_temp_dir() {
|
function get_temp_dir() {
|
||||||
if( $temp=getenv('TMP') ) return $temp;
|
if( $temp=ini_get('upload_tmp_dir') ) return $temp;
|
||||||
if( $temp=getenv('TEMP') ) return $temp;
|
if( $temp=getenv('TMP') ) return $temp;
|
||||||
if( $temp=getenv('TMPDIR') ) return $temp;
|
if( $temp=getenv('TEMP') ) return $temp;
|
||||||
$temp=tempnam(__FILE__,'');
|
if( $temp=getenv('TMPDIR') ) return $temp;
|
||||||
if (file_exists($temp)) {
|
$temp=tempnam(__FILE__,'');
|
||||||
unlink($temp);
|
if (file_exists($temp)) {
|
||||||
return dirname($temp);
|
unlink($temp);
|
||||||
}
|
return dirname($temp);
|
||||||
return null;
|
}
|
||||||
}
|
return null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
require_once('fakedirstream.php');
|
require_once('fakedirstream.php');
|
||||||
|
|
|
||||||
|
|
@ -285,7 +285,7 @@ class OC_DB {
|
||||||
$content = file_get_contents( $file );
|
$content = file_get_contents( $file );
|
||||||
|
|
||||||
// Make changes and save them to a temporary file
|
// Make changes and save them to a temporary file
|
||||||
$file2 = tempnam( sys_get_temp_dir(), 'oc_db_scheme_' );
|
$file2 = tempnam( get_temp_dir(), 'oc_db_scheme_' );
|
||||||
$content = str_replace( '*dbname*', $CONFIG_DBNAME, $content );
|
$content = str_replace( '*dbname*', $CONFIG_DBNAME, $content );
|
||||||
$content = str_replace( '*dbprefix*', $CONFIG_DBTABLEPREFIX, $content );
|
$content = str_replace( '*dbprefix*', $CONFIG_DBTABLEPREFIX, $content );
|
||||||
if( $CONFIG_DBTYPE == 'pgsql' ){ //mysql support it too but sqlite don't
|
if( $CONFIG_DBTYPE == 'pgsql' ){ //mysql support it too but sqlite don't
|
||||||
|
|
@ -392,7 +392,7 @@ class OC_DB {
|
||||||
$content = file_get_contents( $file );
|
$content = file_get_contents( $file );
|
||||||
|
|
||||||
// Make changes and save them to a temporary file
|
// Make changes and save them to a temporary file
|
||||||
$file2 = tempnam( sys_get_temp_dir(), 'oc_db_scheme_' );
|
$file2 = tempnam( get_temp_dir(), 'oc_db_scheme_' );
|
||||||
$content = str_replace( '*dbname*', $CONFIG_DBNAME, $content );
|
$content = str_replace( '*dbname*', $CONFIG_DBNAME, $content );
|
||||||
$content = str_replace( '*dbprefix*', $CONFIG_DBTABLEPREFIX, $content );
|
$content = str_replace( '*dbprefix*', $CONFIG_DBTABLEPREFIX, $content );
|
||||||
file_put_contents( $file2, $content );
|
file_put_contents( $file2, $content );
|
||||||
|
|
|
||||||
|
|
@ -91,7 +91,7 @@ class OC_Files {
|
||||||
|
|
||||||
if(is_array($files)){
|
if(is_array($files)){
|
||||||
$zip = new ZipArchive();
|
$zip = new ZipArchive();
|
||||||
$filename = sys_get_temp_dir()."/ownCloud.zip";
|
$filename = get_temp_dir()."/ownCloud.zip";
|
||||||
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
|
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
|
||||||
exit("cannot open <$filename>\n");
|
exit("cannot open <$filename>\n");
|
||||||
}
|
}
|
||||||
|
|
@ -108,7 +108,7 @@ class OC_Files {
|
||||||
$zip->close();
|
$zip->close();
|
||||||
}elseif(OC_Filesystem::is_dir($dir.'/'.$files)){
|
}elseif(OC_Filesystem::is_dir($dir.'/'.$files)){
|
||||||
$zip = new ZipArchive();
|
$zip = new ZipArchive();
|
||||||
$filename = sys_get_temp_dir()."/ownCloud.zip";
|
$filename = get_temp_dir()."/ownCloud.zip";
|
||||||
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
|
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
|
||||||
exit("cannot open <$filename>\n");
|
exit("cannot open <$filename>\n");
|
||||||
}
|
}
|
||||||
|
|
@ -271,7 +271,7 @@ class OC_Files {
|
||||||
* @return string guessed mime type
|
* @return string guessed mime type
|
||||||
*/
|
*/
|
||||||
static function pull($source,$token,$dir,$file){
|
static function pull($source,$token,$dir,$file){
|
||||||
$tmpfile=tempnam(sys_get_temp_dir(),'remoteCloudFile');
|
$tmpfile=tempnam(get_temp_dir(),'remoteCloudFile');
|
||||||
$fp=fopen($tmpfile,'w+');
|
$fp=fopen($tmpfile,'w+');
|
||||||
$url=$source.="/files/pull.php?token=$token";
|
$url=$source.="/files/pull.php?token=$token";
|
||||||
$ch=curl_init();
|
$ch=curl_init();
|
||||||
|
|
|
||||||
|
|
@ -161,7 +161,7 @@ class OC_Filestorage_Local extends OC_Filestorage{
|
||||||
}
|
}
|
||||||
|
|
||||||
public function toTmpFile($path){
|
public function toTmpFile($path){
|
||||||
$tmpFolder=sys_get_temp_dir();
|
$tmpFolder=get_temp_dir();
|
||||||
$filename=tempnam($tmpFolder,'OC_TEMP_FILE_'.substr($path,strrpos($path,'.')));
|
$filename=tempnam($tmpFolder,'OC_TEMP_FILE_'.substr($path,strrpos($path,'.')));
|
||||||
$fileStats = stat($this->datadir.$path);
|
$fileStats = stat($this->datadir.$path);
|
||||||
if(copy($this->datadir.$path,$filename)){
|
if(copy($this->datadir.$path,$filename)){
|
||||||
|
|
|
||||||
|
|
@ -211,7 +211,7 @@ class OC_Filestorage_Remote extends OC_Filestorage{
|
||||||
$parent=dirname($path);
|
$parent=dirname($path);
|
||||||
$name=substr($path,strlen($parent)+1);
|
$name=substr($path,strlen($parent)+1);
|
||||||
$file=$this->remote->getFile($parent,$name);
|
$file=$this->remote->getFile($parent,$name);
|
||||||
$file=tempnam(sys_get_temp_dir(),'oc_');
|
$file=tempnam(get_temp_dir(),'oc_');
|
||||||
file_put_contents($file,$data);
|
file_put_contents($file,$data);
|
||||||
if($return=$this->remote->sendTmpFile($file,$parent,$name)){
|
if($return=$this->remote->sendTmpFile($file,$parent,$name)){
|
||||||
$this->notifyObservers($path,OC_FILEACTION_WRITE);
|
$this->notifyObservers($path,OC_FILEACTION_WRITE);
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,7 @@ class OC_Installer{
|
||||||
|
|
||||||
//download the file if necesary
|
//download the file if necesary
|
||||||
if($data['source']=='http'){
|
if($data['source']=='http'){
|
||||||
$path=tempnam(sys_get_temp_dir(),'oc_installer_');
|
$path=tempnam(get_temp_dir(),'oc_installer_');
|
||||||
if(!isset($data['href'])){
|
if(!isset($data['href'])){
|
||||||
OC_Log::write('core','No href specified when installing app from http',OC_Log::ERROR);
|
OC_Log::write('core','No href specified when installing app from http',OC_Log::ERROR);
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -77,7 +77,7 @@ class OC_Installer{
|
||||||
}
|
}
|
||||||
|
|
||||||
//extract the archive in a temporary folder
|
//extract the archive in a temporary folder
|
||||||
$extractDir=tempnam(sys_get_temp_dir(),'oc_installer_uncompressed_');
|
$extractDir=tempnam(get_temp_dir(),'oc_installer_uncompressed_');
|
||||||
unlink($extractDir);
|
unlink($extractDir);
|
||||||
mkdir($extractDir);
|
mkdir($extractDir);
|
||||||
$zip = new ZipArchive;
|
$zip = new ZipArchive;
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ class OC_REMOTE_CLOUD{
|
||||||
*/
|
*/
|
||||||
private function apiCall($action,$parameters=false,$assoc=false){
|
private function apiCall($action,$parameters=false,$assoc=false){
|
||||||
if(!$this->cookiefile){
|
if(!$this->cookiefile){
|
||||||
$this->cookiefile=sys_get_temp_dir().'/remoteCloudCookie'.uniqid();
|
$this->cookiefile=get_temp_dir().'/remoteCloudCookie'.uniqid();
|
||||||
}
|
}
|
||||||
$url=$this->path.='/files/api.php';
|
$url=$this->path.='/files/api.php';
|
||||||
$fields_string="action=$action&";
|
$fields_string="action=$action&";
|
||||||
|
|
@ -168,9 +168,9 @@ class OC_REMOTE_CLOUD{
|
||||||
}
|
}
|
||||||
$ch=curl_init();
|
$ch=curl_init();
|
||||||
if(!$this->cookiefile){
|
if(!$this->cookiefile){
|
||||||
$this->cookiefile=sys_get_temp_dir().'/remoteCloudCookie'.uniqid();
|
$this->cookiefile=get_temp_dir().'/remoteCloudCookie'.uniqid();
|
||||||
}
|
}
|
||||||
$tmpfile=tempnam(sys_get_temp_dir(),'remoteCloudFile');
|
$tmpfile=tempnam(get_temp_dir(),'remoteCloudFile');
|
||||||
$fp=fopen($tmpfile,'w+');
|
$fp=fopen($tmpfile,'w+');
|
||||||
$url=$this->path.="/files/api.php?action=get&dir=$dir&file=$file";
|
$url=$this->path.="/files/api.php?action=get&dir=$dir&file=$file";
|
||||||
curl_setopt($ch,CURLOPT_URL,$url);
|
curl_setopt($ch,CURLOPT_URL,$url);
|
||||||
|
|
@ -191,7 +191,7 @@ class OC_REMOTE_CLOUD{
|
||||||
|
|
||||||
public function sendTmpFile($tmp,$targetDir,$targetFile){
|
public function sendTmpFile($tmp,$targetDir,$targetFile){
|
||||||
$token=sha1(uniqid().$tmp);
|
$token=sha1(uniqid().$tmp);
|
||||||
$file=sys_get_temp_dir().'/'.'remoteCloudFile'.$token;
|
$file=get_temp_dir().'/'.'remoteCloudFile'.$token;
|
||||||
rename($tmp,$file);
|
rename($tmp,$file);
|
||||||
if( OC_Config::getValue( "forcessl", false ) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
|
if( OC_Config::getValue( "forcessl", false ) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
|
||||||
$url = "https://". $_SERVER['SERVER_NAME'] . OC::$WEBROOT;
|
$url = "https://". $_SERVER['SERVER_NAME'] . OC::$WEBROOT;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue