From 5fab4931b440a5842331043eafa8ed5119027b39 Mon Sep 17 00:00:00 2001
From: stronk7
Date: Fri, 2 Nov 2007 09:53:32 +0000
Subject: [PATCH] =?UTF-8?q?Changed=20check=5Fdir=5Fexists()=20behaviour=20?= =?UTF-8?q?to=20be=20more=20robust=20and=20to=20work=20better=20when=20use?= =?UTF-8?q?d=20recursively=20under=20sites=20with=20open=5Fbasedir=20enabl?= =?UTF-8?q?ed.=20Credit=20goes=20to=20Ren=C3=83=C2=A9=20Samselnig.=20MDL-1?= =?UTF-8?q?1437?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Merged from MOODLE_19_STABLE
---
 lib/moodlelib.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index e0bbc0bd34c..74f5a1cc183 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -7272,7 +7272,7 @@ function remove_dir($dir, $content_only=false) {
 /**
 * Function to check if a directory exists and optionally create it.
 *
- * @param string absolute directory path
+ * @param string absolute directory path (must be under $CFG->dataroot)
 * @param boolean create directory if does not exist
 * @param boolean create directory recursively
 *
@@ -7282,6 +7282,10 @@ function check_dir_exists($dir, $create=false, $recursive=false) { global $CFG; + if (strstr($dir, $CFG->dataroot) === false) { + debugging('Warning. Wrong call to check_dir_exists(). $dir must be an absolute path under $CFG->dataroot ("' . $dir . '" is incorrect)', DEBUG_DEVELOPER); + } + $status = true; if(!is_dir($dir)) { 
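Review bot: The new guard in check_dir_exists() is a substring test, so `strstr($dir, $CFG->dataroot) === false` accepts any path that merely contains the dataroot string, for example a sibling directory that shares the prefix, and it does not look at `..` segments at all. It also only calls debugging() at DEBUG_DEVELOPER level and then carries on, so on a site without developer debugging a wrong path is neither reported nor refused. An anchored comparison such as `if (strpos($dir . '/', $CFG->dataroot . '/') !== 0) {` would match the contract the docblock now states, and whether the function should then `return false;` rather than continue is worth deciding explicitly. The function body continues outside this hunk.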
@@ -7290,10 +7294,14 @@ function check_dir_exists($dir, $create=false, $recursive=false) {
 } else {
 umask(0000);
 if ($recursive) {
- // PHP 5.0 has recursive mkdir parameter, but 4.x does not :-(
+ /// PHP 5.0 has recursive mkdir parameter, but 4.x does not :-(
 $dir = str_replace('\\', '/', $dir); //windows compatibility
- $dirs = explode('/', $dir);
- $dir = array_shift($dirs).'/'; //skip root or drive letter
+ /// We are going to make it recursive under $CFG->dataroot only
+ /// (will help sites running open_basedir security and others)
+ $dir = str_replace($CFG->dataroot . '/', '', $dir);
+ $dirs = explode('/', $dir); /// Extract path parts
+ /// Iterate over each part with start point $CFG->dataroot
+ $dir = $CFG->dataroot . '/';
 foreach ($dirs as $part) {
 if ($part == '') {
 continue;
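Review bot: `str_replace($CFG->dataroot . '/', '', $dir)` removes every occurrence of the dataroot string rather than only a leading prefix, and when `$dir` is not under dataroot it removes nothing, so the loop then rebuilds the whole path beneath `$CFG->dataroot . '/'` and creates directories the caller never asked for. `$dir` has just been converted to forward slashes while `$CFG->dataroot` is used as configured, so on Windows the prefix may not match if dataroot is written with backslashes (its form is not visible here). The visible part of the loop skips only empty parts, so `..` segments appear to be joined as they are, which would let the walk leave dataroot; rejecting them before the loop would keep the open_basedir intent. Stripping only an anchored prefix, `if (strpos($dir, $CFG->dataroot . '/') === 0) { $dir = substr($dir, strlen($CFG->dataroot) + 1); }`, covers the multiple-occurrence case, and the not-under-dataroot case needs an explicit early return; the foreach body continues outside the hunk.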