aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2015-11-24 01:26:30 +0100
committerVirtualTam <virtualtam@flibidi.net>2015-11-24 01:26:30 +0100
commit0def004963c62ff1edfce16272a87ba9f0c87e16 (patch)
treef743e785edf708454ab53efa13f38e35f10447e6 /application
parentc580024cfbe5f0d290b09157b9665d1b4131d7f4 (diff)
parent2e28269baed195d58bbe169841eed176b171db76 (diff)
downloadShaarli-0def004963c62ff1edfce16272a87ba9f0c87e16.tar.gz
Shaarli-0def004963c62ff1edfce16272a87ba9f0c87e16.tar.zst
Shaarli-0def004963c62ff1edfce16272a87ba9f0c87e16.zip
Merge pull request #375 from virtualtam/utils/permissions
tools: check file/directory permissions for Shaarli resources
Diffstat (limited to 'application')
-rw-r--r--application/ApplicationUtils.php69
-rw-r--r--application/FileUtils.php19
-rw-r--r--application/LinkDB.php35
3 files changed, 114 insertions, 9 deletions
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php
new file mode 100644
index 00000000..6fb07f36
--- /dev/null
+++ b/application/ApplicationUtils.php
@@ -0,0 +1,69 @@
1<?php
2/**
3 * Shaarli (application) utilities
4 */
5class ApplicationUtils
6{
7
8 /**
9 * Checks Shaarli has the proper access permissions to its resources
10 *
11 * @param array $globalConfig The $GLOBALS['config'] array
12 *
13 * @return array A list of the detected configuration issues
14 */
15 public static function checkResourcePermissions($globalConfig)
16 {
17 $errors = array();
18
19 // Check script and template directories are readable
20 foreach (array(
21 'application',
22 'inc',
23 'plugins',
24 $globalConfig['RAINTPL_TPL']
25 ) as $path) {
26 if (! is_readable(realpath($path))) {
27 $errors[] = '"'.$path.'" directory is not readable';
28 }
29 }
30
31 // Check cache and data directories are readable and writeable
32 foreach (array(
33 $globalConfig['CACHEDIR'],
34 $globalConfig['DATADIR'],
35 $globalConfig['PAGECACHE'],
36 $globalConfig['RAINTPL_TMP']
37 ) as $path) {
38 if (! is_readable(realpath($path))) {
39 $errors[] = '"'.$path.'" directory is not readable';
40 }
41 if (! is_writable(realpath($path))) {
42 $errors[] = '"'.$path.'" directory is not writable';
43 }
44 }
45
46 // Check configuration files are readable and writeable
47 foreach (array(
48 $globalConfig['CONFIG_FILE'],
49 $globalConfig['DATASTORE'],
50 $globalConfig['IPBANS_FILENAME'],
51 $globalConfig['LOG_FILE'],
52 $globalConfig['UPDATECHECK_FILENAME']
53 ) as $path) {
54 if (! is_file(realpath($path))) {
55 # the file may not exist yet
56 continue;
57 }
58
59 if (! is_readable(realpath($path))) {
60 $errors[] = '"'.$path.'" file is not readable';
61 }
62 if (! is_writable(realpath($path))) {
63 $errors[] = '"'.$path.'" file is not writable';
64 }
65 }
66
67 return $errors;
68 }
69}
diff --git a/application/FileUtils.php b/application/FileUtils.php
new file mode 100644
index 00000000..6a12ef0e
--- /dev/null
+++ b/application/FileUtils.php
@@ -0,0 +1,19 @@
1<?php
2/**
3 * Exception class thrown when a filesystem access failure happens
4 */
5class IOException extends Exception
6{
7 private $path;
8
9 /**
10 * Construct a new IOException
11 *
12 * @param string $path path to the ressource that cannot be accessed
13 */
14 public function __construct($path)
15 {
16 $this->path = $path;
17 $this->message = 'Error accessing '.$this->path;
18 }
19}
diff --git a/application/LinkDB.php b/application/LinkDB.php
index 84733505..15fadbc3 100644
--- a/application/LinkDB.php
+++ b/application/LinkDB.php
@@ -212,11 +212,7 @@ You use the community supported version of the original Shaarli project, by Seba
212 $this->_links[$link['linkdate']] = $link; 212 $this->_links[$link['linkdate']] = $link;
213 213
214 // Write database to disk 214 // Write database to disk
215 // TODO: raise an exception if the file is not write-able 215 $this->writeDB();
216 file_put_contents(
217 $this->_datastore,
218 self::$phpPrefix.base64_encode(gzdeflate(serialize($this->_links))).self::$phpSuffix
219 );
220 } 216 }
221 217
222 /** 218 /**
@@ -270,6 +266,28 @@ You use the community supported version of the original Shaarli project, by Seba
270 /** 266 /**
271 * Saves the database from memory to disk 267 * Saves the database from memory to disk
272 * 268 *
269 * @throws IOException the datastore is not writable
270 */
271 private function writeDB()
272 {
273 if (is_file($this->_datastore) && !is_writeable($this->_datastore)) {
274 // The datastore exists but is not writeable
275 throw new IOException($this->_datastore);
276 } else if (!is_file($this->_datastore) && !is_writeable(dirname($this->_datastore))) {
277 // The datastore does not exist and its parent directory is not writeable
278 throw new IOException(dirname($this->_datastore));
279 }
280
281 file_put_contents(
282 $this->_datastore,
283 self::$phpPrefix.base64_encode(gzdeflate(serialize($this->_links))).self::$phpSuffix
284 );
285
286 }
287
288 /**
289 * Saves the database from memory to disk
290 *
273 * @param string $pageCacheDir page cache directory 291 * @param string $pageCacheDir page cache directory
274 */ 292 */
275 public function savedb($pageCacheDir) 293 public function savedb($pageCacheDir)
@@ -278,10 +296,9 @@ You use the community supported version of the original Shaarli project, by Seba
278 // TODO: raise an Exception instead 296 // TODO: raise an Exception instead
279 die('You are not authorized to change the database.'); 297 die('You are not authorized to change the database.');
280 } 298 }
281 file_put_contents( 299
282 $this->_datastore, 300 $this->writeDB();
283 self::$phpPrefix.base64_encode(gzdeflate(serialize($this->_links))).self::$phpSuffix 301
284 );
285 invalidateCaches($pageCacheDir); 302 invalidateCaches($pageCacheDir);
286 } 303 }
287 304