[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] phpgwapi/inc class.vfs_sql.inc.php,1.24,1.25
|
From: |
Dave Hall <address@hidden> |
|
Subject: |
[Phpgroupware-cvs] phpgwapi/inc class.vfs_sql.inc.php,1.24,1.25 |
|
Date: |
Fri, 10 Oct 2003 09:44:38 +0000 |
Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv16648
Modified Files:
class.vfs_sql.inc.php
Log Message:
* fix missing /home error - patch #1989 - from lpiepho
* merging other 16 branch code too
Index: class.vfs_sql.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.vfs_sql.inc.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -C2 -d -r1.24 -r1.25
*** class.vfs_sql.inc.php 17 Feb 2003 19:34:56 -0000 1.24
--- class.vfs_sql.inc.php 10 Oct 2003 09:44:33 -0000 1.25
***************
*** 1,26 ****
<?php
! /**************************************************************************\
! * phpGroupWare API - VFS *
! * This file written by Jason Wies (Zone) <address@hidden> *
! * This class handles file/dir access for phpGroupWare *
! * Copyright (C) 2001 Jason Wies *
! * -------------------------------------------------------------------------*
! * This library is part of the phpGroupWare API *
! * http://www.phpgroupware.org/api
*
! * ------------------------------------------------------------------------ *
! * This library is free software; you can redistribute it and/or modify it *
! * under the terms of the GNU Lesser General Public License as published by *
! * the Free Software Foundation; either version 2.1 of the License, *
! * or any later version. *
! * This library is distributed in the hope that it will be useful, but *
! * WITHOUT ANY WARRANTY; without even the implied warranty of *
! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
! * See the GNU Lesser General Public License for more details. *
! * You should have received a copy of the GNU Lesser General Public License *
! * along with this library; if not, write to the Free Software Foundation, *
! * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
! \**************************************************************************/
!
! /* $Id$ */
/*!
--- 1,19 ----
<?php
! /**********************************************************************\
! * phpGroupWare - phpGroupWare API - Virtual File System *
! * http://www.phpgroupware.org
*
! * This program is part of the GNU project, see http://www.gnu.org/ *
! * *
! * Copyright 2001, 2002, 2003 Free Software Foundation, Inc. *
! * *
! * Originally Written by Jason Wies - zone at phpgroupware.org
*
! * Contributions from Giancarlo Susin *
! * --------------------------------------------
*
! * This program is Free Software; you can redistribute it and/or *
! * modify it under the terms of the GNU Lesser General Public License
*
! * as published by the Free Software Foundation; either version 2.1 of *
! * the License, or (at your option) any later version.
*
! \**********************************************************************/
! /* $Id$ */
/*!
***************
*** 82,85 ****
--- 75,90 ----
}
+ // test if the files-dir is inside the document-root,
and refuse working if so
+ //
+ if ($this->file_actions &&
$this->in_docroot($this->basedir))
+ {
+ $GLOBALS['phpgw']->common->phpgw_header();
+ if
($GLOBALS['phpgw_info']['flags']['noheader'])
+ {
+ echo parse_navbar();
+ }
+ echo '<p align="center"><font
color="red"><b>'.lang('Path to user and group files HAS TO BE OUTSIDE of the
webservers document-root!!!')."</b></font></p>\n";
+ $GLOBALS['phpgw']->common->phpgw_exit();
+ }
/*
These are stored in the MIME-type field and should
normally be ignored.
***************
*** 109,112 ****
--- 114,142 ----
/*!
+ @function in_docroot
+ @abstract test if $path lies within the webservers document-root
+ */
+ function in_docroot($path)
+ {
+ $docroots =
array(PHPGW_SERVER_ROOT,$GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT']);
+
+ foreach ($docroots as $docroot)
+ {
+ $len = strlen($docroot);
+
+ if ($docroot == substr($path,0,$len))
+ {
+ $rest = substr($path,$len);
+
+ if (!strlen($rest) || $rest[0] ==
DIRECTORY_SEPARATOR)
+ {
+ return True;
+ }
+ }
+ }
+ return False;
+ }
+
+ /*!
@function extra_sql
@abstract Return extra SQL code that should be appended to
certain queries
***************
*** 1692,1695 ****
--- 1722,1736 ----
function mkdir ($data)
{
+
+ if (!file_exists($this->basedir."/home"))
//additional lines start here
+ {
+ @mkdir ($this->basedir."/home", 0770);
+ }
+
+ if (address@hidden ($p->real_full_path, 0770))
+ {
+ return False;
+ }
+
if (!is_array ($data))
{
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-cvs] phpgwapi/inc class.vfs_sql.inc.php,1.24,1.25,
Dave Hall <address@hidden> <=