Always use temporary folder owned by WCF
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 20 Mar 2015 17:29:13 +0000 (18:29 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 20 Mar 2015 17:30:50 +0000 (18:30 +0100)
wcfsetup/install/files/lib/util/FileUtil.class.php

index dfcf2c2b39158512fba23db5296e46b22d63e513..26e65e1ca769fcdb30eb48b42dc33e07c814c009 100644 (file)
@@ -39,48 +39,34 @@ final class FileUtil {
         * @return      string
         */
        public static function getTempFolder() {
-               // use tmp folder in document root by default
-               if (!empty($_SERVER['DOCUMENT_ROOT'])) {
-                       if (strpos($_SERVER['DOCUMENT_ROOT'], 'strato') !== false) {
-                               // strato bugfix
-                               // create tmp folder in document root automatically
-                               if (!@file_exists($_SERVER['DOCUMENT_ROOT'].'/tmp')) {
-                                       @mkdir($_SERVER['DOCUMENT_ROOT'].'/tmp/', 0777);
-                                       self::makeWritable($_SERVER['DOCUMENT_ROOT'].'/tmp/');
-                               }
-                       }
-                       if (@file_exists($_SERVER['DOCUMENT_ROOT'].'/tmp') && @is_writable($_SERVER['DOCUMENT_ROOT'].'/tmp')) {
-                               return $_SERVER['DOCUMENT_ROOT'].'/tmp/';
-                       }
-               }
+               // This method does not contain any shut up operator by intent.
+               // Any operation that fails here is fatal.
+               $path = WCF_DIR.'tmp/';
                
-               if (isset($_ENV['TMP']) && @is_writable($_ENV['TMP'])) {
-                       return $_ENV['TMP'] . '/';
-               }
-               if (isset($_ENV['TEMP']) && @is_writable($_ENV['TEMP'])) {
-                       return $_ENV['TEMP'] . '/';
-               }
-               if (isset($_ENV['TMPDIR']) && @is_writable($_ENV['TMPDIR'])) {
-                       return $_ENV['TMPDIR'] . '/';
+               if (is_file($path)) {
+                       // wat
+                       unlink($path);
                }
                
-               if (($path = ini_get('upload_tmp_dir')) && @is_writable($path)) {
-                       return $path . '/';
-               }
-               if (@file_exists('/tmp/') && @is_writable('/tmp/')) {
-                       return '/tmp/';
+               if (!file_exists($path)) {
+                       mkdir($path, 0777);
                }
-               if (function_exists('session_save_path') && ($path = session_save_path()) && @is_writable($path)) {
-                       return $path . '/';
+               
+               if (!is_dir($path)) {
+                       throw new SystemException("Temporary folder '".$path."' does not exist and could not be created. Please check the permissions of the '".WCF_DIR."' folder using your favorite ftp program.");
                }
                
-               $path = WCF_DIR.'tmp/';
-               if (@file_exists($path) && @is_writable($path)) {
-                       return $path;
+               if (!is_writable($path)) {
+                       self::makeWritable($path);
                }
-               else {
-                       throw new SystemException('There is no access to the system temporary folder due to an unknown reason and no user specific temporary folder exists in '.WCF_DIR.'! This is a misconfiguration of your webserver software! Please create a folder called '.$path.' using your favorite ftp program, make it writable and then retry this installation.');
+               
+               if (!is_writable($path)) {
+                       throw new SystemException("Temporary folder '".$path."' is not writable. Please check the permissions using your favorite ftp program.");
                }
+               
+               file_put_contents($path.'/.htaccess', 'deny from all');
+               
+               return $path;
        }
        
        /**