mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

the chmod change i already had within the changelog (by mistake). This should further secure writable directories and created files.

Browse Source 
Installation need to be tested on different hosts.

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8763 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2008-08-16 19:06:18 +00:00
parent da65cd1397
commit 068096531f
10 changed files with 165 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
phpBB/includes/acp/acp_language.php
View File

@@ -181,7 +181,7 @@ class acp_language
case 'submit_file':
case 'download_file':
case 'upload_data':
if (!$submit || !check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
@@ -261,23 +261,23 @@ class acp_language
if (!$safe_mode)
{
$mkdir_ary = array('language', 'language/' . $row['lang_iso']);
if ($this->language_directory)
{
$mkdir_ary[] = 'language/' . $row['lang_iso'] . '/' . $this->language_directory;
}
foreach ($mkdir_ary as $dir)
{
$dir = $phpbb_root_path . 'store/' . $dir;
if (!is_dir($dir))
{
if (!@mkdir($dir, 0777))
{
trigger_error("Could not create directory $dir", E_USER_ERROR);
}
@chmod($dir, 0777);
phpbb_chmod($dir, 'write-all');
}
}
}
@@ -316,7 +316,7 @@ class acp_language
}
$entry = "\tarray(\n";
foreach ($value as $_key => $_value)
{
$entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
@@ -433,7 +433,7 @@ class acp_language
{
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$this->page_title = 'LANGUAGE_PACK_DETAILS';
$sql = 'SELECT *
@@ -442,7 +442,7 @@ class acp_language
$result = $db->sql_query($sql);
$lang_entries = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$lang_iso = $lang_entries['lang_iso'];
$missing_vars = $missing_files = array();
@@ -488,7 +488,7 @@ class acp_language
trigger_error($user->lang['WRONG_LANGUAGE_FILE'] . adm_back_link($this->u_action . '&action=details&id=' . $lang_id), E_USER_WARNING);
}
}
if (isset($_POST['remove_store']))
{
$store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true);
@@ -532,7 +532,7 @@ class acp_language
if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, '', $file)))
{
$missing_vars[$file] = $this->compare_language_files($config['default_lang'], $lang_iso, '', $file);
if (sizeof($missing_vars[$file]))
{
$is_missing_var = true;
@@ -550,7 +550,7 @@ class acp_language
if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'acp', $file)))
{
$missing_vars['acp/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'acp', $file);
if (sizeof($missing_vars['acp/' . $file]))
{
$is_missing_var = true;
@@ -569,7 +569,7 @@ class acp_language
if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'mods', $file)))
{
$missing_vars['mods/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'mods', $file);
if (sizeof($missing_vars['mods/' . $file]))
{
$is_missing_var = true;
@@ -581,7 +581,7 @@ class acp_language
}
}
}
// More missing files... for example email templates?
foreach ($email_files as $file)
{
@@ -1046,7 +1046,7 @@ class acp_language
$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html');
$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html');
$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html');
if (sizeof($mod_files))
{
$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html');
@@ -1208,7 +1208,7 @@ $lang = array_merge($lang, array(
function get_filename($lang_iso, $directory, $filename, $check_store = false, $only_return_filename = false)
{
global $phpbb_root_path, $safe_mode;
$check_filename = "language/$lang_iso/" . (($directory) ? $directory . '/' : '') . $filename;
if ($check_store)