From 9e1466d5234033e6af344d2a146d6b03ccfdac0f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Fri, 20 Mar 2015 18:29:13 +0100 Subject: [PATCH] Always use temporary folder owned by WCF --- .../install/files/lib/util/FileUtil.class.php | 54 +++++++------------ 1 file changed, 20 insertions(+), 34 deletions(-) diff --git a/wcfsetup/install/files/lib/util/FileUtil.class.php b/wcfsetup/install/files/lib/util/FileUtil.class.php index dfcf2c2b39..26e65e1ca7 100644 --- a/wcfsetup/install/files/lib/util/FileUtil.class.php +++ b/wcfsetup/install/files/lib/util/FileUtil.class.php @@ -39,48 +39,34 @@ final class FileUtil { * @return string */ public static function getTempFolder() { - // use tmp folder in document root by default - if (!empty($_SERVER['DOCUMENT_ROOT'])) { - if (strpos($_SERVER['DOCUMENT_ROOT'], 'strato') !== false) { - // strato bugfix - // create tmp folder in document root automatically - if (!@file_exists($_SERVER['DOCUMENT_ROOT'].'/tmp')) { - @mkdir($_SERVER['DOCUMENT_ROOT'].'/tmp/', 0777); - self::makeWritable($_SERVER['DOCUMENT_ROOT'].'/tmp/'); - } - } - if (@file_exists($_SERVER['DOCUMENT_ROOT'].'/tmp') && @is_writable($_SERVER['DOCUMENT_ROOT'].'/tmp')) { - return $_SERVER['DOCUMENT_ROOT'].'/tmp/'; - } - } + // This method does not contain any shut up operator by intent. + // Any operation that fails here is fatal. + $path = WCF_DIR.'tmp/'; - if (isset($_ENV['TMP']) && @is_writable($_ENV['TMP'])) { - return $_ENV['TMP'] . '/'; - } - if (isset($_ENV['TEMP']) && @is_writable($_ENV['TEMP'])) { - return $_ENV['TEMP'] . '/'; - } - if (isset($_ENV['TMPDIR']) && @is_writable($_ENV['TMPDIR'])) { - return $_ENV['TMPDIR'] . '/'; + if (is_file($path)) { + // wat + unlink($path); } - if (($path = ini_get('upload_tmp_dir')) && @is_writable($path)) { - return $path . '/'; - } - if (@file_exists('/tmp/') && @is_writable('/tmp/')) { - return '/tmp/'; + if (!file_exists($path)) { + mkdir($path, 0777); } - if (function_exists('session_save_path') && ($path = session_save_path()) && @is_writable($path)) { - return $path . '/'; + + if (!is_dir($path)) { + throw new SystemException("Temporary folder '".$path."' does not exist and could not be created. Please check the permissions of the '".WCF_DIR."' folder using your favorite ftp program."); } - $path = WCF_DIR.'tmp/'; - if (@file_exists($path) && @is_writable($path)) { - return $path; + if (!is_writable($path)) { + self::makeWritable($path); } - else { - throw new SystemException('There is no access to the system temporary folder due to an unknown reason and no user specific temporary folder exists in '.WCF_DIR.'! This is a misconfiguration of your webserver software! Please create a folder called '.$path.' using your favorite ftp program, make it writable and then retry this installation.'); + + if (!is_writable($path)) { + throw new SystemException("Temporary folder '".$path."' is not writable. Please check the permissions using your favorite ftp program."); } + + file_put_contents($path.'/.htaccess', 'deny from all'); + + return $path; } /** -- 2.20.1