MDL-23948 prevent HTMLPurifier from changing permissions in serializer code - we have a special setting for this in config.php already

lib/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer.php

@@ -108,6 +108,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
      * @return True if successful
      */
     private function _prepareDir($config) {
+        $directory = $this->generateDirectoryPath($config);
         $directory = $this->generateDirectoryPath($config);
         if (!is_dir($directory)) {
             $base = $this->generateBaseDirectoryPath($config);
@@ -119,9 +120,9 @@ class HTMLPurifier_DefinitionCache_Serializer extends
             } elseif (!$this->_testPermissions($base)) {
                 return false;
             }
-            $old = umask(0022); // disable group and world writes
+            //$old = umask(0022); // disable group and world writes //Moodle
             mkdir($directory);
-            umask($old);
+            //umask($old); //Moodle
         } elseif (!$this->_testPermissions($directory)) {
             return false;
         }
@@ -135,6 +136,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends
     private function _testPermissions($dir) {
         // early abort, if it is writable, everything is hunky-dory
         if (is_writable($dir)) return true;
+        return false;//Moodle hack
         if (!is_dir($dir)) {
             // generally, you'll want to handle this beforehand
             // so a more specific error message can be given

lib/htmlpurifier/readme_moodle.txt

@@ -5,5 +5,6 @@ Changes:
  * HMLTModule/XMLCommonAttributes.php - remove xml:lang - needed for multilang
  * AttrDef/Lang.php - relax lang check - needed for multilang
  * Lexer.php - Subverted line break normalisation (requires setting: Output.Newline to \n) MDL-22654
+ * Serializer.php - removed directory permissions changes, we rely on our own settings
 
 skodak