From 466b41c36bf7093cdde9d2856eb520503f52640c Mon Sep 17 00:00:00 2001 From: Hendrik Langer Date: Wed, 19 Oct 2011 23:38:35 +0200 Subject: [PATCH] Don't use sys_get_temp_dir(), as it reports the wrong path in restricted environments --- apps/admin_export/settings.php | 2 +- apps/user_openid/phpmyid.php | 48 ++++++++++++++++++++-------------- lib/base.php | 25 +++++++++--------- lib/db.php | 4 +-- lib/files.php | 6 ++--- lib/filestorage/local.php | 2 +- lib/filestorage/remote.php | 2 +- lib/installer.php | 4 +-- lib/remote/cloud.php | 8 +++--- 9 files changed, 55 insertions(+), 46 deletions(-) diff --git a/apps/admin_export/settings.php b/apps/admin_export/settings.php index cf1daa250f..a33c872ccf 100644 --- a/apps/admin_export/settings.php +++ b/apps/admin_export/settings.php @@ -25,7 +25,7 @@ OC_Util::checkAppEnabled('admin_export'); if (isset($_POST['admin_export'])) { $root = OC::$SERVERROOT . "/"; $zip = new ZipArchive(); - $filename = sys_get_temp_dir() . "/owncloud_export_" . date("y-m-d_H-i-s") . ".zip"; + $filename = get_temp_dir() . "/owncloud_export_" . date("y-m-d_H-i-s") . ".zip"; OC_Log::write('admin_export',"Creating export file at: " . $filename,OC_Log::INFO); if ($zip->open($filename, ZIPARCHIVE::CREATE) !== TRUE) { exit("Cannot open <$filename>\n"); diff --git a/apps/user_openid/phpmyid.php b/apps/user_openid/phpmyid.php index d8168c9a10..c984dc8f5e 100644 --- a/apps/user_openid/phpmyid.php +++ b/apps/user_openid/phpmyid.php @@ -603,7 +603,7 @@ function test_mode () { $res['gmp'] = 'pass - n/a'; } - // sys_get_temp_dir + // get_temp_dir $res['logfile'] = is_writable($profile['logfile']) ? 'pass' : "warn - log is not writable"; @@ -1374,30 +1374,38 @@ function str_diff_at ($a, $b) { } -if (! function_exists('sys_get_temp_dir') && ini_get('open_basedir') == false) { +if (! function_exists('get_temp_dir')) { /** * Create function if missing * @return string */ -function sys_get_temp_dir () { - $keys = array('TMP', 'TMPDIR', 'TEMP'); - foreach ($keys as $key) { - if (isset($_ENV[$key]) && is_dir($_ENV[$key]) && is_writable($_ENV[$key])) - return realpath($_ENV[$key]); - } + if (ini_get('open_basedir') == false) { + function get_temp_dir () { + $keys = array('TMP', 'TMPDIR', 'TEMP'); + foreach ($keys as $key) { + if (isset($_ENV[$key]) && is_dir($_ENV[$key]) && is_writable($_ENV[$key])) + return realpath($_ENV[$key]); + } - $tmp = tempnam(false, null); - if (file_exists($tmp)) { - $dir = realpath(dirname($tmp)); - unlink($tmp); - return realpath($dir); - } + $tmp = tempnam(false, null); + if (file_exists($tmp)) { + $dir = realpath(dirname($tmp)); + unlink($tmp); + return realpath($dir); + } - return realpath(dirname(__FILE__)); -}} elseif (! function_exists('sys_get_temp_dir')) { -function sys_get_temp_dir () { - return realpath(dirname(__FILE__)); -}} + return realpath(dirname(__FILE__)); + } + } + else { + function get_temp_dir () { + if (isset(ini_get('upload_tmp_dir')) && is_dir(ini_get('upload_tmp_dir')) && is_writable(ini_get('upload_tmp_dir'))) + return ini_get('upload_tmp_dir'); + else + return realpath(dirname(__FILE__)); + } + } +} /** @@ -1694,7 +1702,7 @@ if (! array_key_exists('lifetime', $profile)) { // Set a default log file if (! array_key_exists('logfile', $profile)) - $profile['logfile'] = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $profile['auth_realm'] . '.debug.log'; + $profile['logfile'] = get_temp_dir() . DIRECTORY_SEPARATOR . $profile['auth_realm'] . '.debug.log'; /* diff --git a/lib/base.php b/lib/base.php index 8adb1cc910..d5fff1e0a7 100644 --- a/lib/base.php +++ b/lib/base.php @@ -186,18 +186,19 @@ if( !isset( $RUNTIME_NOAPPS )){ OC::init(); -if(!function_exists('sys_get_temp_dir')) { - function sys_get_temp_dir() { - if( $temp=getenv('TMP') ) return $temp; - if( $temp=getenv('TEMP') ) return $temp; - if( $temp=getenv('TMPDIR') ) return $temp; - $temp=tempnam(__FILE__,''); - if (file_exists($temp)) { - unlink($temp); - return dirname($temp); - } - return null; - } +if(!function_exists('get_temp_dir')) { + function get_temp_dir() { + if( $temp=ini_get('upload_tmp_dir') ) return $temp; + if( $temp=getenv('TMP') ) return $temp; + if( $temp=getenv('TEMP') ) return $temp; + if( $temp=getenv('TMPDIR') ) return $temp; + $temp=tempnam(__FILE__,''); + if (file_exists($temp)) { + unlink($temp); + return dirname($temp); + } + return null; + } } require_once('fakedirstream.php'); diff --git a/lib/db.php b/lib/db.php index bcfda4592f..44be619fde 100644 --- a/lib/db.php +++ b/lib/db.php @@ -285,7 +285,7 @@ class OC_DB { $content = file_get_contents( $file ); // Make changes and save them to a temporary file - $file2 = tempnam( sys_get_temp_dir(), 'oc_db_scheme_' ); + $file2 = tempnam( get_temp_dir(), 'oc_db_scheme_' ); $content = str_replace( '*dbname*', $CONFIG_DBNAME, $content ); $content = str_replace( '*dbprefix*', $CONFIG_DBTABLEPREFIX, $content ); if( $CONFIG_DBTYPE == 'pgsql' ){ //mysql support it too but sqlite don't @@ -392,7 +392,7 @@ class OC_DB { $content = file_get_contents( $file ); // Make changes and save them to a temporary file - $file2 = tempnam( sys_get_temp_dir(), 'oc_db_scheme_' ); + $file2 = tempnam( get_temp_dir(), 'oc_db_scheme_' ); $content = str_replace( '*dbname*', $CONFIG_DBNAME, $content ); $content = str_replace( '*dbprefix*', $CONFIG_DBTABLEPREFIX, $content ); file_put_contents( $file2, $content ); diff --git a/lib/files.php b/lib/files.php index 631726bf9b..88b559059f 100644 --- a/lib/files.php +++ b/lib/files.php @@ -91,7 +91,7 @@ class OC_Files { if(is_array($files)){ $zip = new ZipArchive(); - $filename = sys_get_temp_dir()."/ownCloud.zip"; + $filename = get_temp_dir()."/ownCloud.zip"; if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { exit("cannot open <$filename>\n"); } @@ -108,7 +108,7 @@ class OC_Files { $zip->close(); }elseif(OC_Filesystem::is_dir($dir.'/'.$files)){ $zip = new ZipArchive(); - $filename = sys_get_temp_dir()."/ownCloud.zip"; + $filename = get_temp_dir()."/ownCloud.zip"; if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { exit("cannot open <$filename>\n"); } @@ -271,7 +271,7 @@ class OC_Files { * @return string guessed mime type */ static function pull($source,$token,$dir,$file){ - $tmpfile=tempnam(sys_get_temp_dir(),'remoteCloudFile'); + $tmpfile=tempnam(get_temp_dir(),'remoteCloudFile'); $fp=fopen($tmpfile,'w+'); $url=$source.="/files/pull.php?token=$token"; $ch=curl_init(); diff --git a/lib/filestorage/local.php b/lib/filestorage/local.php index 8e0907f8d3..8db0ffead4 100644 --- a/lib/filestorage/local.php +++ b/lib/filestorage/local.php @@ -161,7 +161,7 @@ class OC_Filestorage_Local extends OC_Filestorage{ } public function toTmpFile($path){ - $tmpFolder=sys_get_temp_dir(); + $tmpFolder=get_temp_dir(); $filename=tempnam($tmpFolder,'OC_TEMP_FILE_'.substr($path,strrpos($path,'.'))); $fileStats = stat($this->datadir.$path); if(copy($this->datadir.$path,$filename)){ diff --git a/lib/filestorage/remote.php b/lib/filestorage/remote.php index fb14c4121a..88bdbca481 100644 --- a/lib/filestorage/remote.php +++ b/lib/filestorage/remote.php @@ -211,7 +211,7 @@ class OC_Filestorage_Remote extends OC_Filestorage{ $parent=dirname($path); $name=substr($path,strlen($parent)+1); $file=$this->remote->getFile($parent,$name); - $file=tempnam(sys_get_temp_dir(),'oc_'); + $file=tempnam(get_temp_dir(),'oc_'); file_put_contents($file,$data); if($return=$this->remote->sendTmpFile($file,$parent,$name)){ $this->notifyObservers($path,OC_FILEACTION_WRITE); diff --git a/lib/installer.php b/lib/installer.php index 242ca97934..9248f68e01 100644 --- a/lib/installer.php +++ b/lib/installer.php @@ -62,7 +62,7 @@ class OC_Installer{ //download the file if necesary if($data['source']=='http'){ - $path=tempnam(sys_get_temp_dir(),'oc_installer_'); + $path=tempnam(get_temp_dir(),'oc_installer_'); if(!isset($data['href'])){ OC_Log::write('core','No href specified when installing app from http',OC_Log::ERROR); return false; @@ -77,7 +77,7 @@ class OC_Installer{ } //extract the archive in a temporary folder - $extractDir=tempnam(sys_get_temp_dir(),'oc_installer_uncompressed_'); + $extractDir=tempnam(get_temp_dir(),'oc_installer_uncompressed_'); unlink($extractDir); mkdir($extractDir); $zip = new ZipArchive; diff --git a/lib/remote/cloud.php b/lib/remote/cloud.php index 75d60155d0..a9c74e8bf5 100644 --- a/lib/remote/cloud.php +++ b/lib/remote/cloud.php @@ -17,7 +17,7 @@ class OC_REMOTE_CLOUD{ */ private function apiCall($action,$parameters=false,$assoc=false){ if(!$this->cookiefile){ - $this->cookiefile=sys_get_temp_dir().'/remoteCloudCookie'.uniqid(); + $this->cookiefile=get_temp_dir().'/remoteCloudCookie'.uniqid(); } $url=$this->path.='/files/api.php'; $fields_string="action=$action&"; @@ -168,9 +168,9 @@ class OC_REMOTE_CLOUD{ } $ch=curl_init(); if(!$this->cookiefile){ - $this->cookiefile=sys_get_temp_dir().'/remoteCloudCookie'.uniqid(); + $this->cookiefile=get_temp_dir().'/remoteCloudCookie'.uniqid(); } - $tmpfile=tempnam(sys_get_temp_dir(),'remoteCloudFile'); + $tmpfile=tempnam(get_temp_dir(),'remoteCloudFile'); $fp=fopen($tmpfile,'w+'); $url=$this->path.="/files/api.php?action=get&dir=$dir&file=$file"; curl_setopt($ch,CURLOPT_URL,$url); @@ -191,7 +191,7 @@ class OC_REMOTE_CLOUD{ public function sendTmpFile($tmp,$targetDir,$targetFile){ $token=sha1(uniqid().$tmp); - $file=sys_get_temp_dir().'/'.'remoteCloudFile'.$token; + $file=get_temp_dir().'/'.'remoteCloudFile'.$token; rename($tmp,$file); if( OC_Config::getValue( "forcessl", false ) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') { $url = "https://". $_SERVER['SERVER_NAME'] . OC::$WEBROOT;