| 30,11 → 30,6 |
|---|
| { |
| |
| /** |
| * |
| */ |
| const DIR_UNLOCK_FILE = 'oidplus_upload.dir'; |
| |
| /** |
| * @param string $dir |
| * @return void |
| * @throws OIDplusException |
| 49,50 → 44,15 |
|---|
| throw new OIDplusException(_L('The attachment directory "%1" cannot be resolved (realpath).', $dir)); |
| } |
| |
| $unlock_file = $realdir . DIRECTORY_SEPARATOR . self::DIR_UNLOCK_FILE; |
| if (!file_exists($unlock_file)) { |
| throw new OIDplusException(_L('Unlock file "%1" is not existing in attachment directory "%2".', self::DIR_UNLOCK_FILE, $dir)); |
| } |
| |
| // Check for critical directories |
| if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { |
| // Linux check 1: Check for critical directories |
| if (self::isCriticalLinuxDirectory($realdir)) { |
| throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
| } |
| |
| // Linux check 2: Check file owner |
| $file_owner_a = fileowner(OIDplus::localpath().'index.php'); |
| if ($file_owner_a === false) { |
| $file_owner_a = -1; |
| $file_owner_a_name = '???'; |
| } else { |
| $tmp = function_exists('posix_getpwuid') ? posix_getpwuid($file_owner_a) : false; |
| $file_owner_a_name = $tmp !== false ? $tmp['name'] : 'UID '.$file_owner_a; |
| } |
| |
| $file_owner_b = fileowner($unlock_file); |
| if ($file_owner_b === false) { |
| $file_owner_b = -1; |
| $file_owner_b_name = '???'; |
| } else { |
| $tmp = function_exists('posix_getpwuid') ? posix_getpwuid($file_owner_b) : false; |
| $file_owner_b_name = $tmp !== false ? $tmp['name'] : 'UID '.$file_owner_b; |
| } |
| |
| if ($file_owner_a != $file_owner_b) { |
| throw new OIDplusException(_L('Owner of unlock file "%1" is wrong. It is "%2", but it should be "%3".', $unlock_file, $file_owner_b_name, $file_owner_a_name)); |
| } |
| } else { |
| // Windows check 1: Check for critical directories |
| if (self::isCriticalWindowsDirectory($realdir)) { |
| throw new OIDplusException(_L('The attachment directory must not be inside a critical system directory!')); |
| } |
| |
| // Note: We will not query the file owner in Windows systems. |
| // It would be possible, however, on Windows systems, the file |
| // ownership is rather hidden to the user and the user needs |
| // to go into several menus and windows in order to see/change |
| // the owner. We don't want to over-complicate it to the Windows admin. |
| } |
| } |
| |
| 101,8 → 61,8 |
|---|
| * @return bool |
| */ |
| private static function isCriticalWindowsDirectory(string $dir): bool { |
| $dir .= '\\'; |
| $windir = isset($_SERVER['SystemRoot']) ? $_SERVER['SystemRoot'].'\\' : 'C:\\Windows\\'; |
| $dir = rtrim(str_replace('/', '\\', $dir),'\\').'\\'; |
| $windir = isset($_SERVER['SystemRoot']) ? rtrim($_SERVER['SystemRoot'],'\\').'\\' : 'C:\\Windows\\'; |
| if (stripos($dir,$windir) === 0) return true; |
| return false; |
| } |
| 113,7 → 73,7 |
|---|
| */ |
| private static function isCriticalLinuxDirectory(string $dir): bool { |
| if ($dir == '/') return true; |
| $dir .= '/'; |
| $dir = rtrim($dir,'/').'/'; |
| if (strpos($dir,'/bin/') === 0) return true; |
| if (strpos($dir,'/boot/') === 0) return true; |
| if (strpos($dir,'/dev/') === 0) return true; |
| 369,15 → 329,7 |
|---|
| throw new OIDplusException(_L('Please enter a valid value (0=no, 1=yes).')); |
| } |
| }); |
| |
| $info_txt = 'Alternative directory for attachments. It must contain a file named "'; |
| $info_txt .= self::DIR_UNLOCK_FILE; |
| $info_txt .= '"'; |
| if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { |
| $info_txt .= ' with the same owner as index.php'; |
| } |
| $info_txt .= '. If this setting is empty, then the userdata directory is used.'; |
| OIDplus::config()->prepareConfigKey('attachment_upload_dir', $info_txt, '', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
| OIDplus::config()->prepareConfigKey('attachment_upload_dir', 'Alternative directory for attachments. If this setting is empty, then the userdata directory is used.', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
| if (trim($value) !== '') { |
| self::checkUploadDir($value); |
| } |
| 415,9 → 367,12 |
|---|
| |
| /** |
| * Convert amount of bytes to human-friendly name |
| * |
| * @param int $bytes |
| * @param int $decimals |
| * @return string |
| * @throws OIDplusConfigInitializationException |
| * @throws OIDplusException |
| */ |
| private static function convert_filesize(int $bytes, int $decimals = 2): string { |
| $size = array(_L('Bytes'),_L('KiB'),_L('MiB'),_L('GiB'),_L('TiB'),_L('PiB'),_L('EiB'),_L('ZiB'),_L('YiB')); |
| 427,11 → 382,14 |
|---|
| |
| /** |
| * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_2 |
| * |
| * @param string $id |
| * @param string $title |
| * @param string $icon |
| * @param string $text |
| * @return void |
| * @throws OIDplusConfigInitializationException |
| * @throws OIDplusException |
| */ |
| public function modifyContent(string $id, string &$title, string &$icon, string &$text) { |
| $output = ''; |