authorVirtualTam <virtualtam+github@flibidi.net>2017-09-30 10:56:56 +0200
committerGitHub <noreply@github.com>2017-09-30 10:56:56 +0200
commit7c670b39a2505f625066e7d87e1536fc02e9d6fc (patch)
tree7ffedc72fbf35c7b2721afcf163250a01fa13059 /application
parenta59bbf50d7530d7e82a91896a210b9da49cb1568 (diff)
parent8c322aaba197bab1a9992b731db80d9faa133bc4 (diff)
Merge pull request #975 from virtualtam/robustness
Improve robustness for zlib and file operations
Diffstat (limited to 'application')
-rw-r--r--application/ApplicationUtils.php5
-rw-r--r--application/FileUtils.php26
-rw-r--r--application/ThemeUtils.php1
3 files changed, 20 insertions, 12 deletions
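--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@@ -168,14 +168,15 @@ class ApplicationUtils
  public static function checkResourcePermissions($conf)
  {
  $errors = array();
+ $rainTplDir = rtrim($conf->get('resource.raintpl_tpl'), '/');
 
  // Check script and template directories are readable
  foreach (array(
  'application',
  'inc',
  'plugins',
- $conf->get('resource.raintpl_tpl'),
- $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme'),
+ $rainTplDir,
+ $rainTplDir.'/'.$conf->get('resource.theme'),
  ) as $path) {
  if (! is_readable(realpath($path))) {
  $errors[] = '"'.$path.'" directory is not readable';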
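Review bot: A `resource.raintpl_tpl` value made only of slashes (or an empty one) leaves `$rainTplDir` as the empty string, and `realpath('')` resolves to the current working directory, so the `is_readable(realpath($path))` check for that entry passes without ever testing the template directory. Rejecting an empty `$rainTplDir` before the loop, e.g. `if ($rainTplDir === '') { $errors[] = 'template directory is not configured'; }`, would make the check mean what it says. A short comment on the new line such as `// strip trailing slash so the joined theme path has a single separator` would also record why the value is trimmed (presumably that is the intent). The function continues past the end of the hunk.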
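--- a/application/FileUtils.php
+++ b/application/FileUtils.php
@@ -50,7 +50,8 @@ class FileUtils
 
  /**
  * Read data from a file containing Shaarli database format content.
- * If the file isn't readable or doesn't exists, default data will be returned.
+ *
+ * If the file isn't readable or doesn't exist, default data will be returned.
  *
  * @param string $file File path.
  * @param mixed $default The default value to return if the file isn't readable.
@@ -61,16 +62,21 @@ class FileUtils
  {
  // Note that gzinflate is faster than gzuncompress.
  // See: http://www.php.net/manual/en/function.gzdeflate.php#96439
- if (is_readable($file)) {
- return unserialize(
- gzinflate(
- base64_decode(
- substr(file_get_contents($file), strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
- )
- )
- );
+ if (! is_readable($file)) {
+ return $default;
+ }
+
+ $data = file_get_contents($file);
+ if ($data == '') {
+ return $default;
  }
 
- return $default;
+ return unserialize(
+ gzinflate(
+ base64_decode(
+ substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
+ )
+ )
+ );
  }
 }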
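Review bot: A corrupted or truncated datastore still reaches `unserialize()` in the new return statement, because only the empty-file case is guarded: `gzinflate()` returns `false` (with a warning) on bad input, and the function then returns `false` rather than `$default`. The guard `$data == ''` also catches a failed `file_get_contents()` only through loose comparison; `$data === false || $data === ''` states that intent. I would check the inflate result before deserialising, as in the excerpt below; whether a corrupt file should yield `$default` or an error is for the callers to decide, since silently returning the default could let a later write replace the damaged data. If the stored value is plain arrays and the supported PHP version allows it, `unserialize($inflated, ['allowed_classes' => false])` would additionally keep a tampered file from instantiating objects. The function signature is outside the hunk.

```php
// … unchanged: is_readable() guard …
$data = file_get_contents($file);
if ($data === false || $data === '') {
    return $default;
}

$inflated = gzinflate(
    base64_decode(
        substr($data, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
    )
);
if ($inflated === false) {
    // Corrupt or truncated datastore: do not pass false on to unserialize().
    return $default;
}

return unserialize($inflated);
```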
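--- a/application/ThemeUtils.php
+++ b/application/ThemeUtils.php
@@ -22,6 +22,7 @@ class ThemeUtils
  */
  public static function getThemes($tplDir)
  {
+ $tplDir = rtrim($tplDir, '/');
  $allTheme = glob($tplDir.'/*', GLOB_ONLYDIR);
  $themes = [];
  foreach ($allTheme as $value) {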
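Review bot: `glob()` can return `false` on error, and the `foreach ($allTheme as $value)` two lines below the added `rtrim()` would then iterate a non-array; `$allTheme = glob($tplDir.'/*', GLOB_ONLYDIR) ?: [];` keeps the loop safe. `$tplDir` also goes into the pattern unescaped, so glob metacharacters in the configured path would be read as wildcards, which is probably acceptable for an administrator-set value but deserves a comment. The body of getThemes continues outside the hunk.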