implement upload-related support for open_basedir

This commit is contained in:
Andrew Dolgov 2013-04-11 19:12:00 +04:00
parent 063ac61353
commit 3306daecf4
7 changed files with 80 additions and 19 deletions

0
cache/upload/.empty vendored Normal file
View file

View file

@ -461,14 +461,38 @@ class Opml extends Handler_Protected {
# if ($debug) $doc = DOMDocument::load("/tmp/test.opml");
if (is_file($_FILES['opml_file']['tmp_name'])) {
$doc = new DOMDocument();
$doc->load($_FILES['opml_file']['tmp_name']);
} else if (!$doc) {
if ($_FILES['opml_file']['error'] != 0) {
print_error(T_sprintf("Upload failed with error code %d",
$_FILES['opml_file']['error']));
return;
}
$tmp_file = false;
if (is_uploaded_file($_FILES['opml_file']['tmp_name'])) {
$tmp_file = tempnam(CACHE_DIR . '/upload', 'opml');
$result = move_uploaded_file($_FILES['opml_file']['tmp_name'],
$tmp_file);
if (!$result) {
print_error(__("Unable to move uploaded file."));
return;
}
} else {
print_error(__('Error: please upload OPML file.'));
return;
}
if (is_file($tmp_file)) {
$doc = new DOMDocument();
$doc->load($tmp_file);
unlink($tmp_file);
} else if (!$doc) {
print_error(__('Error: unable to find moved OPML file.'));
return;
}
if ($doc) {
$this->opml_import_category($doc, false, $owner_uid, false);
} else {

View file

@ -463,7 +463,7 @@ class Pref_Feeds extends Handler_Protected {
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
unlink(ICONS_DIR . "/$feed_id.ico");
@unlink(ICONS_DIR . "/$feed_id.ico");
}
return;
@ -472,7 +472,22 @@ class Pref_Feeds extends Handler_Protected {
function uploadicon() {
header("Content-type: text/html");
$icon_file = $_FILES['icon_file']['tmp_name'];
$tmp_file = false;
if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) {
$tmp_file = tempnam(CACHE_DIR . '/upload', 'icon');
$result = move_uploaded_file($_FILES['icon_file']['tmp_name'],
$tmp_file);
if (!$result) {
return;
}
} else {
return;
}
$icon_file = $tmp_file;
$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
@ -482,8 +497,8 @@ class Pref_Feeds extends Handler_Protected {
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
unlink(ICONS_DIR . "/$feed_id.ico");
move_uploaded_file($icon_file, ICONS_DIR . "/$feed_id.ico");
@unlink(ICONS_DIR . "/$feed_id.ico");
rename($icon_file, ICONS_DIR . "/$feed_id.ico");
$rc = 0;
} else {
$rc = 2;
@ -495,6 +510,8 @@ class Pref_Feeds extends Handler_Protected {
$rc = 2;
}
@unlink($icon_file);
print "<script type=\"text/javascript\">";
print "parent.uploadIconHandler($rc);";
print "</script>";

View file

@ -1191,7 +1191,7 @@
}
function expire_cached_files($debug) {
foreach (array("simplepie", "images", "export") as $dir) {
foreach (array("simplepie", "images", "export", "upload") as $dir) {
$cache_dir = CACHE_DIR . "/$dir";
if ($debug) _debug("Expiring $cache_dir");

View file

@ -55,6 +55,10 @@
array_push($errors, "Image cache is not writable (chmod -R 777 ".CACHE_DIR."/images)");
}
if (!is_writable(CACHE_DIR . "/upload")) {
array_push($errors, "Upload cache is not writable (chmod -R 777 ".CACHE_DIR."/upload)");
}
if (!is_writable(CACHE_DIR . "/export")) {
array_push($errors, "Data export cache is not writable (chmod -R 777 ".CACHE_DIR."/export)");
}
@ -102,10 +106,6 @@
array_push($errors, "LOCK_DIRECTORY defined in config.php is not writable (chmod -R 777 ".LOCK_DIRECTORY.").\n");
}
if (ini_get("open_basedir")) {
array_push($errors, "PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).");
}
if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
}

View file

@ -17,10 +17,6 @@
array_push($errors, "PHP version 5.3.0 or newer required.");
}
if (ini_get("open_basedir")) {
array_push($errors, "PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).");
}
if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
}

View file

@ -66,8 +66,32 @@ class GoogleReaderImport extends Plugin {
$owner_uid = $_SESSION["uid"];
if (is_file($_FILES['starred_file']['tmp_name'])) {
$doc = json_decode(file_get_contents($_FILES['starred_file']['tmp_name']), true);
if ($_FILES['starred_file']['error'] != 0) {
print_error(T_sprintf("Upload failed with error code %d",
$_FILES['starred_file']['error']));
return;
}
$tmp_file = false;
if (is_uploaded_file($_FILES['starred_file']['tmp_name'])) {
$tmp_file = tempnam(CACHE_DIR . '/upload', 'starred');
$result = move_uploaded_file($_FILES['starred_file']['tmp_name'],
$tmp_file);
if (!$result) {
print_error(__("Unable to move uploaded file."));
return;
}
} else {
print_error(__('Error: please upload OPML file.'));
return;
}
if (is_file($tmp_file)) {
$doc = json_decode(file_get_contents($tmp_file), true);
unlink($tmp_file);
} else {
print_error(__('No file uploaded.'));
return;