From 7fedc19cc422a00ad460f7f9dc41e916c67073ef Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 9 Dec 2016 08:17:51 +0100 Subject: [PATCH 1/4] [ticket/14891] Use own proxy instantiator for open_basedir compatibility Also reverted random_compat lib to 1.4.x. PHPBB3-14891 --- phpBB/composer.json | 2 +- phpBB/composer.lock | 14 ++--- phpBB/phpbb/di/container_builder.php | 2 +- phpBB/phpbb/di/proxy_instantiator.php | 74 +++++++++++++++++++++++++++ 4 files changed, 83 insertions(+), 9 deletions(-) create mode 100644 phpBB/phpbb/di/proxy_instantiator.php diff --git a/phpBB/composer.json b/phpBB/composer.json index 7145265e55..e91430023d 100644 --- a/phpBB/composer.json +++ b/phpBB/composer.json @@ -31,7 +31,7 @@ "guzzlehttp/guzzle": "~5.3", "lusitanian/oauth": "^0.8.1", "marc1706/fast-image-size": "^1.1", - "paragonie/random_compat": "^2.0", + "paragonie/random_compat": "^1.4", "patchwork/utf8": "^1.1", "s9e/text-formatter": "~0.8.0", "symfony/config": "^2.8", diff --git a/phpBB/composer.lock b/phpBB/composer.lock index ec69331b13..e550572fb3 100644 --- a/phpBB/composer.lock +++ b/phpBB/composer.lock @@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "9e6c5df052c3e795ad5985862bbb5797", - "content-hash": "47456b70d82a0df10e5faa0a3dc1c2ae", + "hash": "067b099cc97334a6a08a77e5648aa260", + "content-hash": "90198ca524b93a7e915aa6916b2f55af", "packages": [ { "name": "bantu/ini-get-wrapper", @@ -460,16 +460,16 @@ }, { "name": "paragonie/random_compat", - "version": "v2.0.4", + "version": "v1.4.1", "source": { "type": "git", "url": "https://github.com/paragonie/random_compat.git", - "reference": "a9b97968bcde1c4de2a5ec6cbd06a0f6c919b46e" + "reference": "c7e26a21ba357863de030f0b9e701c7d04593774" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/random_compat/zipball/a9b97968bcde1c4de2a5ec6cbd06a0f6c919b46e", - "reference": "a9b97968bcde1c4de2a5ec6cbd06a0f6c919b46e", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774", + "reference": "c7e26a21ba357863de030f0b9e701c7d04593774", "shasum": "" }, "require": { @@ -504,7 +504,7 @@ "pseudorandom", "random" ], - "time": "2016-11-07 23:38:38" + "time": "2016-03-18 20:34:03" }, { "name": "patchwork/utf8", diff --git a/phpBB/phpbb/di/container_builder.php b/phpBB/phpbb/di/container_builder.php index b6854673c2..6412ccea46 100644 --- a/phpBB/phpbb/di/container_builder.php +++ b/phpBB/phpbb/di/container_builder.php @@ -488,7 +488,7 @@ class container_builder protected function create_container(array $extensions) { $container = new ContainerBuilder(new ParameterBag($this->get_core_parameters())); - $container->setProxyInstantiator(new RuntimeInstantiator()); + $container->setProxyInstantiator(new proxy_instantiator($this->get_cache_dir())); $extensions_alias = array(); diff --git a/phpBB/phpbb/di/proxy_instantiator.php b/phpBB/phpbb/di/proxy_instantiator.php new file mode 100644 index 0000000000..28d9972cd7 --- /dev/null +++ b/phpBB/phpbb/di/proxy_instantiator.php @@ -0,0 +1,74 @@ + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\di; + +use \bantu\IniGetWrapper\IniGetWrapper; +use ProxyManager\Configuration; +use ProxyManager\Factory\LazyLoadingValueHolderFactory; +use ProxyManager\GeneratorStrategy\EvaluatingGeneratorStrategy; +use ProxyManager\Proxy\LazyLoadingInterface; +use Symfony\Component\DependencyInjection\ContainerInterface; +use Symfony\Component\DependencyInjection\Definition; +use Symfony\Component\DependencyInjection\LazyProxy\Instantiator\InstantiatorInterface; + +/** + * Runtime lazy loading proxy generator extended for allowing use while using + * open_basedir restrictions + * + * Original author: Marco Pivetta + */ +class proxy_instantiator implements InstantiatorInterface +{ + /** + * @var LazyLoadingValueHolderFactory + */ + private $factory; + + /** + * proxy_instantiator constructor + * @param string $cache_dir Cache dir for fall back when using open_basedir + */ + public function __construct($cache_dir) + { + $config = new Configuration(); + + // Prevent trying to write to system temp dir in case of open_basedir + // restrictions being in effect + $ini_wrapper = new IniGetWrapper(); + if ($ini_wrapper->getString('open_basedir') || !file_exists(sys_get_temp_dir())) + { + $config->setProxiesTargetDir($cache_dir); + } + $config->setGeneratorStrategy(new EvaluatingGeneratorStrategy()); + + $this->factory = new LazyLoadingValueHolderFactory($config); + } + + /** + * {@inheritdoc} + */ + public function instantiateProxy(ContainerInterface $container, Definition $definition, $id, $realInstantiator) + { + return $this->factory->createProxy( + $definition->getClass(), + function (&$wrappedInstance, LazyLoadingInterface $proxy) use ($realInstantiator) { + $wrappedInstance = call_user_func($realInstantiator); + + $proxy->setProxyInitializer(null); + + return true; + } + ); + } +} From 5f56e9025b276419578507ddbab933183649b47d Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 9 Dec 2016 08:56:16 +0100 Subject: [PATCH 2/4] [ticket/14891] Remove unused use statements PHPBB3-14891 --- phpBB/phpbb/di/container_builder.php | 1 - phpBB/phpbb/di/proxy_instantiator.php | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/phpBB/phpbb/di/container_builder.php b/phpBB/phpbb/di/container_builder.php index 6412ccea46..4d5f189f12 100644 --- a/phpBB/phpbb/di/container_builder.php +++ b/phpBB/phpbb/di/container_builder.php @@ -14,7 +14,6 @@ namespace phpbb\di; use phpbb\filesystem\filesystem; -use Symfony\Bridge\ProxyManager\LazyProxy\Instantiator\RuntimeInstantiator; use Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper\ProxyDumper; use Symfony\Component\Config\ConfigCache; use Symfony\Component\Config\FileLocator; diff --git a/phpBB/phpbb/di/proxy_instantiator.php b/phpBB/phpbb/di/proxy_instantiator.php index 28d9972cd7..1f51100493 100644 --- a/phpBB/phpbb/di/proxy_instantiator.php +++ b/phpBB/phpbb/di/proxy_instantiator.php @@ -17,7 +17,6 @@ use \bantu\IniGetWrapper\IniGetWrapper; use ProxyManager\Configuration; use ProxyManager\Factory\LazyLoadingValueHolderFactory; use ProxyManager\GeneratorStrategy\EvaluatingGeneratorStrategy; -use ProxyManager\Proxy\LazyLoadingInterface; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\DependencyInjection\Definition; use Symfony\Component\DependencyInjection\LazyProxy\Instantiator\InstantiatorInterface; @@ -62,7 +61,7 @@ class proxy_instantiator implements InstantiatorInterface { return $this->factory->createProxy( $definition->getClass(), - function (&$wrappedInstance, LazyLoadingInterface $proxy) use ($realInstantiator) { + function (&$wrappedInstance, \ProxyManager\Proxy\LazyLoadingInterface $proxy) use ($realInstantiator) { $wrappedInstance = call_user_func($realInstantiator); $proxy->setProxyInitializer(null); From 6a568719d031544553a9e236e4128c5bfbd42600 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 9 Dec 2016 11:10:28 +0100 Subject: [PATCH 3/4] [ticket/14891] Use filesystem classes for checking on tmp dir The cache dir will now also only be used if tmp dir does not exist or if it's not writable. PHPBB3-14891 --- phpBB/phpbb/di/proxy_instantiator.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/di/proxy_instantiator.php b/phpBB/phpbb/di/proxy_instantiator.php index 1f51100493..47cc7b69c4 100644 --- a/phpBB/phpbb/di/proxy_instantiator.php +++ b/phpBB/phpbb/di/proxy_instantiator.php @@ -13,7 +13,8 @@ namespace phpbb\di; -use \bantu\IniGetWrapper\IniGetWrapper; +use bantu\IniGetWrapper\IniGetWrapper; +use phpbb\filesystem\filesystem; use ProxyManager\Configuration; use ProxyManager\Factory\LazyLoadingValueHolderFactory; use ProxyManager\GeneratorStrategy\EvaluatingGeneratorStrategy; @@ -45,7 +46,10 @@ class proxy_instantiator implements InstantiatorInterface // Prevent trying to write to system temp dir in case of open_basedir // restrictions being in effect $ini_wrapper = new IniGetWrapper(); - if ($ini_wrapper->getString('open_basedir') || !file_exists(sys_get_temp_dir())) + $filesystem = new filesystem(); + $tmp_dir = sys_get_temp_dir(); + if ($ini_wrapper->getString('open_basedir') && + (!$filesystem->exists($tmp_dir) || !$filesystem->is_writable($tmp_dir))) { $config->setProxiesTargetDir($cache_dir); } From 90b59bb547844f6913cb459c21d249aec4226d56 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 9 Dec 2016 11:32:13 +0100 Subject: [PATCH 4/4] [ticket/14891] Don't rely on sys_get_temp_dir() being available Or actually returning a path. It might also return an empty string or null. PHPBB3-14891 --- phpBB/phpbb/di/proxy_instantiator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/di/proxy_instantiator.php b/phpBB/phpbb/di/proxy_instantiator.php index 47cc7b69c4..a388e82c0e 100644 --- a/phpBB/phpbb/di/proxy_instantiator.php +++ b/phpBB/phpbb/di/proxy_instantiator.php @@ -47,8 +47,8 @@ class proxy_instantiator implements InstantiatorInterface // restrictions being in effect $ini_wrapper = new IniGetWrapper(); $filesystem = new filesystem(); - $tmp_dir = sys_get_temp_dir(); - if ($ini_wrapper->getString('open_basedir') && + $tmp_dir = (function_exists('sys_get_temp_dir')) ? sys_get_temp_dir() : ''; + if (empty($tmp_dir) || $ini_wrapper->getString('open_basedir') && (!$filesystem->exists($tmp_dir) || !$filesystem->is_writable($tmp_dir))) { $config->setProxiesTargetDir($cache_dir);