From 5fab4931b440a5842331043eafa8ed5119027b39 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Fri, 2 Nov 2007 09:53:32 +0000
Subject: [PATCH] =?UTF-8?q?Changed=20check=5Fdir=5Fexists()=20behaviour=20?=
 =?UTF-8?q?to=20be=20more=20robust=20and=20to=20work=20better=20when=20use?=
 =?UTF-8?q?d=20recursively=20under=20sites=20with=20open=5Fbasedir=20enabl?=
 =?UTF-8?q?ed.=20Credit=20goes=20to=20Ren=C3=83=C2=A9=20Samselnig.=20MDL-1?=
 =?UTF-8?q?1437?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Merged from MOODLE_19_STABLE
---
 lib/moodlelib.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index e0bbc0bd34c..74f5a1cc183 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -7272,7 +7272,7 @@ function remove_dir($dir, $content_only=false) {
 /**
  * Function to check if a directory exists and optionally create it.
  *
- * @param string absolute directory path
+ * @param string absolute directory path (must be under $CFG->dataroot)
  * @param boolean create directory if does not exist
  * @param boolean create directory recursively
  *
@@ -7282,6 +7282,10 @@ function check_dir_exists($dir, $create=false, $recursive=false) {
 
     global $CFG;
 
+    if (strstr($dir, $CFG->dataroot) === false) {
+        debugging('Warning. Wrong call to check_dir_exists(). $dir must be an absolute path under $CFG->dataroot ("' . $dir . '" is incorrect)', DEBUG_DEVELOPER);
+    }
+
     $status = true;
 
     if(!is_dir($dir)) {
@@ -7290,10 +7294,14 @@ function check_dir_exists($dir, $create=false, $recursive=false) {
         } else {
             umask(0000);
             if ($recursive) {
-                // PHP 5.0 has recursive mkdir parameter, but 4.x does not :-(
+            /// PHP 5.0 has recursive mkdir parameter, but 4.x does not :-(
                 $dir = str_replace('\\', '/', $dir); //windows compatibility
-                $dirs = explode('/', $dir);
-                $dir = array_shift($dirs).'/'; //skip root or drive letter
+            /// We are going to make it recursive under $CFG->dataroot only
+            /// (will help sites running open_basedir security and others)
+                $dir = str_replace($CFG->dataroot . '/', '', $dir);
+                $dirs = explode('/', $dir); /// Extract path parts
+            /// Iterate over each part with start point $CFG->dataroot
+                $dir = $CFG->dataroot . '/';
                 foreach ($dirs as $part) {
                     if ($part == '') {
                         continue;