Merge pull request #975 from virtualtam/robustness

Improve robustness for zlib and file operations
author: VirtualTam <virtualtam+github@flibidi.net> 2017-09-30 10:56:56 +0200
committer: GitHub <noreply@github.com> 2017-09-30 10:56:56 +0200
commit: 7c670b39a2505f625066e7d87e1536fc02e9d6fc (patch)
tree: 7ffedc72fbf35c7b2721afcf163250a01fa13059 /application
parent: a59bbf50d7530d7e82a91896a210b9da49cb1568 (diff)
parent: 8c322aaba197bab1a9992b731db80d9faa133bc4 (diff)
download: Shaarli-7c670b39a2505f625066e7d87e1536fc02e9d6fc.tar.gz
Shaarli-7c670b39a2505f625066e7d87e1536fc02e9d6fc.tar.zst
Shaarli-7c670b39a2505f625066e7d87e1536fc02e9d6fc.zip
3 files changed, 20 insertions, 12 deletions
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php
index 85dcbeeb..123cc0b3 100644
--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@@ -168,14 +168,15 @@ class ApplicationUtils
    public static function checkResourcePermissions($conf)
    {
        $errors = array();
+        $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
        // Check script and template directories are readable
        foreach (array(
            'application',
            'inc',
            'plugins',
-            $conf->get('resource.raintpl_tpl'),
+            $rainTplDir,
-            $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),
+            $rainTplDir.'/'.$conf->get('resource.theme'),
        ) as $path) {
            if (! is_readable(realpath($path))) {
                $errors[] = '"'.$path.'" directory is not readable';
diff --git a/application/FileUtils.php b/application/FileUtils.php
index a167f642..918cb83b 100644
--- a/application/FileUtils.php
+++ b/application/FileUtils.php
@@ -50,7 +50,8 @@ class FileUtils
    /**
     * Read data from a file containing Shaarli database format content.
-     * If the file isn't readable or doesn't exists, default data will be returned.
+     *
+     * If the file isn't readable or doesn't exist, default data will be returned.
     *
     * @param string $file    File path.
     * @param mixed  $default The default value to return if the file isn't readable.
@@ -61,16 +62,21 @@ class FileUtils
    {
        // Note that gzinflate is faster than gzuncompress.
        // See: http://www.php.net/manual/en/function.gzdeflate.php#96439
-        if (is_readable($file)) {
+        if (! is_readable($file)) {
-            return unserialize(
+            return $default;
-                gzinflate(
+        }
-                    base64_decode(
-                        substr(file_get_contents($file), strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
+        $data = file_get_contents($file);
-                    )
+        if ($data == '') {
-                )
+            return $default;
-            );
        }
-        return $default;
+        return unserialize(
+            gzinflate(
+                base64_decode(
+                    substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
+                )
+            )
+        );
    }
 }
diff --git a/application/ThemeUtils.php b/application/ThemeUtils.php
index 2718ed13..16f2f6a2 100644
--- a/application/ThemeUtils.php
+++ b/application/ThemeUtils.php
@@ -22,6 +22,7 @@ class ThemeUtils
     */
    public static function getThemes($tplDir)
    {
+        $tplDir = rtrim($tplDir, '/');
        $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
        $themes = [];
        foreach ($allTheme as $value) {
author	VirtualTam <virtualtam+github@flibidi.net>	2017-09-30 10:56:56 +0200
committer	GitHub <noreply@github.com>	2017-09-30 10:56:56 +0200
commit	7c670b39a2505f625066e7d87e1536fc02e9d6fc (patch)
tree	7ffedc72fbf35c7b2721afcf163250a01fa13059 /application
parent	a59bbf50d7530d7e82a91896a210b9da49cb1568 (diff)
parent	8c322aaba197bab1a9992b731db80d9faa133bc4 (diff)
download	Shaarli-7c670b39a2505f625066e7d87e1536fc02e9d6fc.tar.gz Shaarli-7c670b39a2505f625066e7d87e1536fc02e9d6fc.tar.zst Shaarli-7c670b39a2505f625066e7d87e1536fc02e9d6fc.zip

diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php index 85dcbeeb..123cc0b3 100644 --- a/application/ApplicationUtils.php +++ b/application/ApplicationUtils.php
@@ -168,14 +168,15 @@ class ApplicationUtils
168	public static function checkResourcePermissions($conf)	168	public static function checkResourcePermissions($conf)
169	{	169	{
170	$errors = array();	170	$errors = array();
		171	$rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
171		172
172	// Check script and template directories are readable	173	// Check script and template directories are readable
173	foreach (array(	174	foreach (array(
174	'application',	175	'application',
175	'inc',	176	'inc',
176	'plugins',	177	'plugins',
177	$conf->get('resource.raintpl_tpl'),	178	$rainTplDir,
178	$conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),	179	$rainTplDir.'/'.$conf->get('resource.theme'),
179	) as $path) {	180	) as $path) {
180	if (! is_readable(realpath($path))) {	181	if (! is_readable(realpath($path))) {
181	$errors[] = '"'.$path.'" directory is not readable';	182	$errors[] = '"'.$path.'" directory is not readable';


diff --git a/application/FileUtils.php b/application/FileUtils.php index a167f642..918cb83b 100644 --- a/application/FileUtils.php +++ b/application/FileUtils.php
@@ -50,7 +50,8 @@ class FileUtils
50		50
51	/**	51	/**
52	* Read data from a file containing Shaarli database format content.	52	* Read data from a file containing Shaarli database format content.
53	* If the file isn't readable or doesn't exists, default data will be returned.	53	*
		54	* If the file isn't readable or doesn't exist, default data will be returned.
54	*	55	*
55	* @param string $file File path.	56	* @param string $file File path.
56	* @param mixed $default The default value to return if the file isn't readable.	57	* @param mixed $default The default value to return if the file isn't readable.
@@ -61,16 +62,21 @@ class FileUtils
61	{	62	{
62	// Note that gzinflate is faster than gzuncompress.	63	// Note that gzinflate is faster than gzuncompress.
63	// See: http://www.php.net/manual/en/function.gzdeflate.php#96439	64	// See: http://www.php.net/manual/en/function.gzdeflate.php#96439
64	if (is_readable($file)) {	65	if (! is_readable($file)) {
65	return unserialize(	66	return $default;
66	gzinflate(	67	}
67	base64_decode(	68
68	substr(file_get_contents($file), strlen(self::$phpPrefix), -strlen(self::$phpSuffix))	69	$data = file_get_contents($file);
69	)	70	if ($data == '') {
70	)	71	return $default;
71	);
72	}	72	}
73		73
74	return $default;	74	return unserialize(
		75	gzinflate(
		76	base64_decode(
		77	substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
		78	)
		79	)
		80	);
75	}	81	}
76	}	82	}


diff --git a/application/ThemeUtils.php b/application/ThemeUtils.php index 2718ed13..16f2f6a2 100644 --- a/application/ThemeUtils.php +++ b/application/ThemeUtils.php
@@ -22,6 +22,7 @@ class ThemeUtils
22	*/	22	*/
23	public static function getThemes($tplDir)	23	public static function getThemes($tplDir)
24	{	24	{
		25	$tplDir = rtrim($tplDir, '/');
25	$allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);	26	$allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
26	$themes = [];	27	$themes = [];
27	foreach ($allTheme as $value) {	28	foreach ($allTheme as $value) {