diff options
author | VirtualTam <virtualtam@flibidi.net> | 2015-11-11 22:49:58 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2015-11-24 01:12:35 +0100 |
commit | 2e28269baed195d58bbe169841eed176b171db76 (patch) | |
tree | f743e785edf708454ab53efa13f38e35f10447e6 /application | |
parent | c580024cfbe5f0d290b09157b9665d1b4131d7f4 (diff) | |
download | Shaarli-2e28269baed195d58bbe169841eed176b171db76.tar.gz Shaarli-2e28269baed195d58bbe169841eed176b171db76.tar.zst Shaarli-2e28269baed195d58bbe169841eed176b171db76.zip |
install: check file/directory permissions for Shaarli resources
Relates to #40
Relates to #372
Additions:
- FileUtils: IOException
- ApplicationUtils:
- check if Shaarli resources are accessible with sufficient permissions
- basic test coverage
- index.php:
- check access permissions and redirect to an error page if needed:
- before running the first installation
Modifications:
- LinkDB:
- factorize datastore write code
- check if the datastore
(exists AND is writeable) OR (doesn't exist AND its parent dir is writable)
- raise an IOException if needed
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r-- | application/ApplicationUtils.php | 69 | ||||
-rw-r--r-- | application/FileUtils.php | 19 | ||||
-rw-r--r-- | application/LinkDB.php | 35 |
3 files changed, 114 insertions, 9 deletions
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php new file mode 100644 index 00000000..6fb07f36 --- /dev/null +++ b/application/ApplicationUtils.php | |||
@@ -0,0 +1,69 @@ | |||
1 | <?php | ||
2 | /** | ||
3 | * Shaarli (application) utilities | ||
4 | */ | ||
5 | class ApplicationUtils | ||
6 | { | ||
7 | |||
8 | /** | ||
9 | * Checks Shaarli has the proper access permissions to its resources | ||
10 | * | ||
11 | * @param array $globalConfig The $GLOBALS['config'] array | ||
12 | * | ||
13 | * @return array A list of the detected configuration issues | ||
14 | */ | ||
15 | public static function checkResourcePermissions($globalConfig) | ||
16 | { | ||
17 | $errors = array(); | ||
18 | |||
19 | // Check script and template directories are readable | ||
20 | foreach (array( | ||
21 | 'application', | ||
22 | 'inc', | ||
23 | 'plugins', | ||
24 | $globalConfig['RAINTPL_TPL'] | ||
25 | ) as $path) { | ||
26 | if (! is_readable(realpath($path))) { | ||
27 | $errors[] = '"'.$path.'" directory is not readable'; | ||
28 | } | ||
29 | } | ||
30 | |||
31 | // Check cache and data directories are readable and writeable | ||
32 | foreach (array( | ||
33 | $globalConfig['CACHEDIR'], | ||
34 | $globalConfig['DATADIR'], | ||
35 | $globalConfig['PAGECACHE'], | ||
36 | $globalConfig['RAINTPL_TMP'] | ||
37 | ) as $path) { | ||
38 | if (! is_readable(realpath($path))) { | ||
39 | $errors[] = '"'.$path.'" directory is not readable'; | ||
40 | } | ||
41 | if (! is_writable(realpath($path))) { | ||
42 | $errors[] = '"'.$path.'" directory is not writable'; | ||
43 | } | ||
44 | } | ||
45 | |||
46 | // Check configuration files are readable and writeable | ||
47 | foreach (array( | ||
48 | $globalConfig['CONFIG_FILE'], | ||
49 | $globalConfig['DATASTORE'], | ||
50 | $globalConfig['IPBANS_FILENAME'], | ||
51 | $globalConfig['LOG_FILE'], | ||
52 | $globalConfig['UPDATECHECK_FILENAME'] | ||
53 | ) as $path) { | ||
54 | if (! is_file(realpath($path))) { | ||
55 | # the file may not exist yet | ||
56 | continue; | ||
57 | } | ||
58 | |||
59 | if (! is_readable(realpath($path))) { | ||
60 | $errors[] = '"'.$path.'" file is not readable'; | ||
61 | } | ||
62 | if (! is_writable(realpath($path))) { | ||
63 | $errors[] = '"'.$path.'" file is not writable'; | ||
64 | } | ||
65 | } | ||
66 | |||
67 | return $errors; | ||
68 | } | ||
69 | } | ||
diff --git a/application/FileUtils.php b/application/FileUtils.php new file mode 100644 index 00000000..6a12ef0e --- /dev/null +++ b/application/FileUtils.php | |||
@@ -0,0 +1,19 @@ | |||
1 | <?php | ||
2 | /** | ||
3 | * Exception class thrown when a filesystem access failure happens | ||
4 | */ | ||
5 | class IOException extends Exception | ||
6 | { | ||
7 | private $path; | ||
8 | |||
9 | /** | ||
10 | * Construct a new IOException | ||
11 | * | ||
12 | * @param string $path path to the ressource that cannot be accessed | ||
13 | */ | ||
14 | public function __construct($path) | ||
15 | { | ||
16 | $this->path = $path; | ||
17 | $this->message = 'Error accessing '.$this->path; | ||
18 | } | ||
19 | } | ||
diff --git a/application/LinkDB.php b/application/LinkDB.php index 84733505..15fadbc3 100644 --- a/application/LinkDB.php +++ b/application/LinkDB.php | |||
@@ -212,11 +212,7 @@ You use the community supported version of the original Shaarli project, by Seba | |||
212 | $this->_links[$link['linkdate']] = $link; | 212 | $this->_links[$link['linkdate']] = $link; |
213 | 213 | ||
214 | // Write database to disk | 214 | // Write database to disk |
215 | // TODO: raise an exception if the file is not write-able | 215 | $this->writeDB(); |
216 | file_put_contents( | ||
217 | $this->_datastore, | ||
218 | self::$phpPrefix.base64_encode(gzdeflate(serialize($this->_links))).self::$phpSuffix | ||
219 | ); | ||
220 | } | 216 | } |
221 | 217 | ||
222 | /** | 218 | /** |
@@ -270,6 +266,28 @@ You use the community supported version of the original Shaarli project, by Seba | |||
270 | /** | 266 | /** |
271 | * Saves the database from memory to disk | 267 | * Saves the database from memory to disk |
272 | * | 268 | * |
269 | * @throws IOException the datastore is not writable | ||
270 | */ | ||
271 | private function writeDB() | ||
272 | { | ||
273 | if (is_file($this->_datastore) && !is_writeable($this->_datastore)) { | ||
274 | // The datastore exists but is not writeable | ||
275 | throw new IOException($this->_datastore); | ||
276 | } else if (!is_file($this->_datastore) && !is_writeable(dirname($this->_datastore))) { | ||
277 | // The datastore does not exist and its parent directory is not writeable | ||
278 | throw new IOException(dirname($this->_datastore)); | ||
279 | } | ||
280 | |||
281 | file_put_contents( | ||
282 | $this->_datastore, | ||
283 | self::$phpPrefix.base64_encode(gzdeflate(serialize($this->_links))).self::$phpSuffix | ||
284 | ); | ||
285 | |||
286 | } | ||
287 | |||
288 | /** | ||
289 | * Saves the database from memory to disk | ||
290 | * | ||
273 | * @param string $pageCacheDir page cache directory | 291 | * @param string $pageCacheDir page cache directory |
274 | */ | 292 | */ |
275 | public function savedb($pageCacheDir) | 293 | public function savedb($pageCacheDir) |
@@ -278,10 +296,9 @@ You use the community supported version of the original Shaarli project, by Seba | |||
278 | // TODO: raise an Exception instead | 296 | // TODO: raise an Exception instead |
279 | die('You are not authorized to change the database.'); | 297 | die('You are not authorized to change the database.'); |
280 | } | 298 | } |
281 | file_put_contents( | 299 | |
282 | $this->_datastore, | 300 | $this->writeDB(); |
283 | self::$phpPrefix.base64_encode(gzdeflate(serialize($this->_links))).self::$phpSuffix | 301 | |
284 | ); | ||
285 | invalidateCaches($pageCacheDir); | 302 | invalidateCaches($pageCacheDir); |
286 | } | 303 | } |
287 | 304 | ||