]> git.wh0rd.org Git - tt-rss.git/commitdiff
implement upload-related support for open_basedir
authorAndrew Dolgov <fox@fakecake.org>
Thu, 11 Apr 2013 15:12:00 +0000 (19:12 +0400)
committerAndrew Dolgov <fox@fakecake.org>
Thu, 11 Apr 2013 15:12:00 +0000 (19:12 +0400)
cache/upload/.empty [new file with mode: 0644]
classes/opml.php
classes/pref/feeds.php
include/rssfuncs.php
include/sanity_check.php
install/index.php
plugins/googlereaderimport/init.php

diff --git a/cache/upload/.empty b/cache/upload/.empty
new file mode 100644 (file)
index 0000000..e69de29
index 7a49f757c12c474dbe238004c444717a8a3446f8..2ecae42379ca5de4a7ad5a105fda8ecaf5d29f83 100644 (file)
@@ -461,11 +461,35 @@ class Opml extends Handler_Protected {
 
 #              if ($debug) $doc = DOMDocument::load("/tmp/test.opml");
 
-               if (is_file($_FILES['opml_file']['tmp_name'])) {
+               if ($_FILES['opml_file']['error'] != 0) {
+                       print_error(T_sprintf("Upload failed with error code %d",
+                               $_FILES['opml_file']['error']));
+                       return;
+               }
+
+               $tmp_file = false;
+
+               if (is_uploaded_file($_FILES['opml_file']['tmp_name'])) {
+                       $tmp_file = tempnam(CACHE_DIR . '/upload', 'opml');
+
+                       $result = move_uploaded_file($_FILES['opml_file']['tmp_name'],
+                               $tmp_file);
+
+                       if (!$result) {
+                               print_error(__("Unable to move uploaded file."));
+                               return;
+                       }
+               } else {
+                       print_error(__('Error: please upload OPML file.'));
+                       return;
+               }
+
+               if (is_file($tmp_file)) {
                        $doc = new DOMDocument();
-                       $doc->load($_FILES['opml_file']['tmp_name']);
+                       $doc->load($tmp_file);
+                       unlink($tmp_file);
                } else if (!$doc) {
-                       print_error(__('Error: please upload OPML file.'));
+                       print_error(__('Error: unable to find moved OPML file.'));
                        return;
                }
 
index 469ca1111c628d45c8fcbf9a031d6767ae1de7e0..f57cc37d6fdebf2ea52cd88189679bafc114cfd1 100644 (file)
@@ -463,7 +463,7 @@ class Pref_Feeds extends Handler_Protected {
                        WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
 
                if (db_num_rows($result) != 0) {
-                       unlink(ICONS_DIR . "/$feed_id.ico");
+                       @unlink(ICONS_DIR . "/$feed_id.ico");
                }
 
                return;
@@ -472,7 +472,22 @@ class Pref_Feeds extends Handler_Protected {
        function uploadicon() {
                header("Content-type: text/html");
 
-               $icon_file = $_FILES['icon_file']['tmp_name'];
+               $tmp_file = false;
+
+               if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) {
+                       $tmp_file = tempnam(CACHE_DIR . '/upload', 'icon');
+
+                       $result = move_uploaded_file($_FILES['icon_file']['tmp_name'],
+                               $tmp_file);
+
+                       if (!$result) {
+                               return;
+                       }
+               } else {
+                       return;
+               }
+
+               $icon_file = $tmp_file;
                $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
 
                if (is_file($icon_file) && $feed_id) {
@@ -482,8 +497,8 @@ class Pref_Feeds extends Handler_Protected {
                                        WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
 
                                if (db_num_rows($result) != 0) {
-                                       unlink(ICONS_DIR . "/$feed_id.ico");
-                                       move_uploaded_file($icon_file, ICONS_DIR . "/$feed_id.ico");
+                                       @unlink(ICONS_DIR . "/$feed_id.ico");
+                                       rename($icon_file, ICONS_DIR . "/$feed_id.ico");
                                        $rc = 0;
                                } else {
                                        $rc = 2;
@@ -495,6 +510,8 @@ class Pref_Feeds extends Handler_Protected {
                        $rc = 2;
                }
 
+               @unlink($icon_file);
+
                print "<script type=\"text/javascript\">";
                print "parent.uploadIconHandler($rc);";
                print "</script>";
index 727e42897795f2ce0300239467fdbd4fb5378e71..7c2e1655bcc0e7cef3476d4101a86c70e3e1a0e1 100644 (file)
        }
 
        function expire_cached_files($debug) {
-               foreach (array("simplepie", "images", "export") as $dir) {
+               foreach (array("simplepie", "images", "export", "upload") as $dir) {
                        $cache_dir = CACHE_DIR . "/$dir";
 
                        if ($debug) _debug("Expiring $cache_dir");
index 99d3051f3c38a0997919202761bf38a771737e2d..69309290e643aa58518ced268f9bf7a4e1beaa3b 100644 (file)
                                array_push($errors, "Image cache is not writable (chmod -R 777 ".CACHE_DIR."/images)");
                        }
 
+                       if (!is_writable(CACHE_DIR . "/upload")) {
+                               array_push($errors, "Upload cache is not writable (chmod -R 777 ".CACHE_DIR."/upload)");
+                       }
+
                        if (!is_writable(CACHE_DIR . "/export")) {
                                array_push($errors, "Data export cache is not writable (chmod -R 777 ".CACHE_DIR."/export)");
                        }
                                array_push($errors, "LOCK_DIRECTORY defined in config.php is not writable (chmod -R 777 ".LOCK_DIRECTORY.").\n");
                        }
 
-                       if (ini_get("open_basedir")) {
-                               array_push($errors, "PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).");
-                       }
-
                        if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
                                array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
                        }
index 026e00d01816a148736af3f614bc48e867f6534e..3b6a1f544fadb3fbd765e853ddaf07a63b36efee 100644 (file)
                        array_push($errors, "PHP version 5.3.0 or newer required.");
                }
 
-               if (ini_get("open_basedir")) {
-                       array_push($errors, "PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).");
-               }
-
                if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
                        array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
                }
index ac7a872f261156dc727c0aba1546618dedf6b127..f7d876b9082509d568352ffddcddae5e85f58b80 100644 (file)
@@ -66,8 +66,32 @@ class GoogleReaderImport extends Plugin {
 
                        $owner_uid = $_SESSION["uid"];
 
-                       if (is_file($_FILES['starred_file']['tmp_name'])) {
-                               $doc = json_decode(file_get_contents($_FILES['starred_file']['tmp_name']), true);
+                       if ($_FILES['starred_file']['error'] != 0) {
+                               print_error(T_sprintf("Upload failed with error code %d",
+                                       $_FILES['starred_file']['error']));
+                               return;
+                       }
+
+                       $tmp_file = false;
+
+                       if (is_uploaded_file($_FILES['starred_file']['tmp_name'])) {
+                               $tmp_file = tempnam(CACHE_DIR . '/upload', 'starred');
+
+                               $result = move_uploaded_file($_FILES['starred_file']['tmp_name'],
+                                       $tmp_file);
+
+                               if (!$result) {
+                                       print_error(__("Unable to move uploaded file."));
+                                       return;
+                               }
+                       } else {
+                               print_error(__('Error: please upload OPML file.'));
+                               return;
+                       }
+
+                       if (is_file($tmp_file)) {
+                               $doc = json_decode(file_get_contents($tmp_file), true);
+                               unlink($tmp_file);
                        } else {
                                print_error(__('No file uploaded.'));
                                return;