[aur-dev] [PATCH] Give group writable permissions to uploaded files.

Loui Chang louipc.ist at gmail.com
Sun Nov 9 22:55:08 EST 2008


>From 1e044802f9c63a53020f1747f25f553fa1bf520d Mon Sep 17 00:00:00 2001
From: Loui Chang <louipc.ist at gmail.com>
Date: Sun, 9 Nov 2008 22:35:00 -0500
Subject: [PATCH] Give group writable permissions to uploaded files.

Add a new function chown_group to recursively change permissions.
Tweak some of the coding style.
Replace some of the redundant string concatenation with a variable.

Thanks to Dan McGee for chown_group.

Signed-off-by: Loui Chang <louipc.ist at gmail.com>
---
 web/html/pkgsubmit.php |   36 +++++++++++++++++++-----------------
 web/lib/aur.inc        |   28 ++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 17 deletions(-)

diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index c38e224..4446648 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -30,12 +30,10 @@ if ($_COOKIE["AURSID"]):
 
 		if (!$error) {
 			if (!@mkdir($tempdir)) {
-				$error = __("Could not create incoming directory: %s.",
-					array($tempdir));
+				$error = __("Could not create incoming directory: %s.", $tempdir);
 			} else {
 				if (!@chdir($tempdir)) {
-					$error = __("Could not change directory to %s.",
-						array($tempdir));
+					$error = __("Could not change directory to %s.", $tempdir);
 				} else {
 					if ($_FILES['pfile']['name'] == "PKGBUILD") {
 						move_uploaded_file($_FILES['pfile']['tmp_name'], $tempdir . "/PKGBUILD");
@@ -205,32 +203,31 @@ if ($_COOKIE["AURSID"]):
 			}
 		}
 
+		$incoming_pkgdir = INCOMING_DIR . $pkg_name;
+
 		if (!$error) {
 			# First, see if this package already exists, and if it can be overwritten
 			$pkg_exists = package_exists($pkg_name);
 			if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
-				if (file_exists(INCOMING_DIR . $pkg_name)) {
+				if (file_exists($incoming_pkgdir)) {
 					# Blow away the existing file/dir and contents
-					rm_rf(INCOMING_DIR . $pkg_name);
+					rm_rf($incoming_pkgdir);
 				}
 
-				if (!@mkdir(INCOMING_DIR . $pkg_name)) {
-					$error = __( "Could not create directory %s.",
-						INCOMING_DIR . $pkg_name);
+				if (!@mkdir($incoming_pkgdir)) {
+					$error = __( "Could not create directory %s.", $incoming_pkgdir);
 				}
 
-				rename($pkg_dir, INCOMING_DIR . $pkg_name . "/" . $pkg_name);
+				rename($pkg_dir, $incoming_pkgdir . "/" . $pkg_name);
 			} else {
-				$error = __( "You are not allowed to overwrite the %h%s%h package.",
-					"<b>", $pkg_name, "</b>");
+				$error = __( "You are not allowed to overwrite the %h%s%h package.", "<b>", $pkg_name, "</b>");
 			}
 		}
 
 		# Re-tar the package for consistency's sake
 		if (!$error) {
-			if (!@chdir(INCOMING_DIR . $pkg_name)) {
-				$error = __("Could not change directory to %s.",
-					array(INCOMING_DIR . $pkg_name));
+			if (!@chdir($incoming_pkgdir)) {
+				$error = __("Could not change directory to %s.", $incoming_pkgdir);
 			}
 		}
 
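Review bot: The `rename()` on the new side still runs when the `mkdir($incoming_pkgdir)` just above it has failed, and its return value is never checked, so a failed move would leave `$error` describing only the mkdir problem or nothing at all. Moving it into the success path and testing it, for example `} elseif (!rename($pkg_dir, $incoming_pkgdir . "/" . $pkg_name)) {` followed by an `$error` assignment, would keep the later re-tar and database steps from working on a directory that was never populated. Separately, `$incoming_pkgdir` is now the single value handed to `rm_rf`, `mkdir`, `rename`, `chdir` and `chmod_group`, and the validation of `$pkg_name` is outside this hunk; it is worth confirming that the name is restricted to a safe character set (no `/` or `..`, not empty) before the added assignment. The enclosing `if ($_COOKIE["AURSID"]):` block starts and ends outside the hunk.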
@@ -243,6 +240,11 @@ if ($_COOKIE["AURSID"]):
 			}
 		}
 
+		# Chmod files after everything has been done.
+		if (!chmod_group($incoming_pkgdir)) {
+			$error = __("Could not chmod directory %s.", $incoming_pkgdir);
+		}
+
 		# Whether it failed or not we can clean this out
 		if (file_exists($tempdir)) {
 			rm_rf($tempdir);
@@ -296,7 +298,7 @@ if ($_COOKIE["AURSID"]):
 					mysql_real_escape_string($new_pkgbuild['license']),
 					mysql_real_escape_string($new_pkgbuild['pkgdesc']),
 					mysql_real_escape_string($new_pkgbuild['url']),
-					mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
+					mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
 					mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
 					$pdata["ID"]);
 
@@ -342,7 +344,7 @@ if ($_COOKIE["AURSID"]):
 					mysql_real_escape_string($new_pkgbuild['url']),
 					uid_from_sid($_COOKIE["AURSID"]),
 					uid_from_sid($_COOKIE["AURSID"]),
-					mysql_real_escape_string(INCOMING_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"),
+					mysql_real_escape_string($incoming_pkgdir . "/" . $pkg_name . ".tar.gz"),
 					mysql_real_escape_string(URL_DIR . $pkg_name . "/" . $pkg_name . ".tar.gz"));
 
 				$result = db_query($q, $dbh);
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index a126bb9..690505a 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -381,6 +381,34 @@ function rm_rf($dirname="") {
 	return;
 }
 
+# recursive chmod to set group write permissions
+#
+function chmod_group($path) {
+	if (!is_dir($path))
+		return chmod($path, 0664);
+
+	$d = dir($path);
+	while ($f = $d->read()) {
+		if ($f != '.' && $f != '..') {
+			$fullpath = $path.'/'.$f;
+			if (is_link($fullpath))
+				continue;
+			elseif (!is_dir($fullpath)) {
+				if (!chmod($fullpath, 0664))
+					return FALSE;
+			}
+			elseif(!chmod_group($fullpath))
+				return FALSE;
+		}
+	}
+	$d->close();
+
+	if(chmod($path, 0775))
+		return TRUE;
+	else
+		return FALSE;
+}
+
 # obtain the uid given a Users.Username
 #
 function uid_from_username($username="")
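Review bot: In `chmod_group` the loop `while ($f = $d->read())` stops at the first entry whose name is falsy, so a file named `0` ends the walk early and the rest of the directory keeps its old modes while the function still reports success. The result of `dir($path)` is also used without a check, and the two `return FALSE` statements inside the loop leave without calling `$d->close()`. The modes are absolute (`0664` and `0775`) rather than adding group write to what is already there, so any execute bit on an uploaded file is cleared and world read is granted; if that is the intent, a comment on the function should say so. The rewrite below keeps the symlink skip and the same return contract.

```php
function chmod_group($path) {
	# ... unchanged: non-directory case returns chmod($path, 0664) ...

	$d = dir($path);
	if (!$d)
		return FALSE;

	$ok = TRUE;
	# compare against FALSE so an entry named "0" does not end the loop
	while ($ok && ($f = $d->read()) !== FALSE) {
		if ($f == '.' || $f == '..')
			continue;
		$fullpath = $path.'/'.$f;
		if (is_link($fullpath))
			continue;
		$ok = is_dir($fullpath) ? chmod_group($fullpath) : chmod($fullpath, 0664);
	}
	# always release the handle, including on failure
	$d->close();

	return $ok && chmod($path, 0775);
}
```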
-- 
1.6.0.3


