Issues (10)

lib/Persistence/AbstractPersistence.php (1 issue)

<?php
/**
 * PrivateBin
 *
 * a zero-knowledge paste bin
 *
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version   1.3.1
 */
namespace PrivateBin\Persistence;
use Exception;
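/**
 * AbstractPersistence
 *
 * persists data in PHP files
 *
 * Every file is written below one statically configured directory
 * (default "data"). Before the first read or write the directory is
 * created with mode 0700 and a deny-all .htaccess file is placed in it.
 */
abstract class AbstractPersistence
{
    /**
     * path in which to persist something
     *
     * @access private
     * @static
     * @var    string
     */
    private static $_path = 'data';

    /**
     * set the path
     *
     * The value is stored as given; no normalisation or validation happens
     * here, so it must come from trusted configuration.
     *
     * @access public
     * @static
     * @param  string $path
     */
    public static function setPath($path)
    {
        self::$_path = $path;
    }

    /**
     * get the path
     *
     * Returns the storage directory, or the location of $filename inside it
     * when a non-empty file name is passed.
     *
     * @access public
     * @static
     * @param  string|null $filename
     * @return string
     */
    public static function getPath($filename = null)
    {
        // Test for null before calling strlen(): passing null to strlen()
        // is deprecated as of PHP 8.1. The file name '0' still counts as a
        // name, which a plain truthiness test would get wrong.
        if ($filename === null || strlen($filename) === 0) {
            return self::$_path;
        }
        return self::$_path . DIRECTORY_SEPARATOR . $filename;
    }

    /**
     * checks if the file exists
     *
     * @access protected
     * @static
     * @param  string $filename
     * @throws Exception if the storage directory cannot be prepared
     * @return bool
     */
    protected static function _exists($filename)
    {
        self::_initialize();
        return is_file(self::$_path . DIRECTORY_SEPARATOR . $filename);
    }

    /**
     * prepares path for storage
     *
     * Creates the storage directory when it is missing and makes sure it
     * contains a .htaccess file that denies all web access.
     *
     * @access protected
     * @static
     * @throws Exception code 10 if the directory cannot be created,
     *                   code 11 if the .htaccess file cannot be written
     */
    protected static function _initialize()
    {
        // Create storage directory if it does not exist.
        // The requested mode 0700 is still subject to the process umask.
        if (!is_dir(self::$_path)) {
            if (!@mkdir(self::$_path, 0700)) {
                throw new Exception('unable to create directory ' . self::$_path, 10);
            }
        }

        // The deny rule is only honoured by web servers that read .htaccess
        // files; on any other server the directory has to be protected in
        // the server configuration instead.
        $file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
        if (!is_file($file)) {
            $writtenBytes = @file_put_contents(
                $file,
                'Require all denied' . PHP_EOL,
                LOCK_EX
            );
            // 18 bytes of directive plus at least one end-of-line byte.
            if ($writtenBytes === false || $writtenBytes < 19) {
                throw new Exception('unable to write to file ' . $file, 11);
            }
        }
    }

    /**
     * store the data
     *
     * $filename is appended to the storage path without validation, so
     * callers have to pass fixed, trusted file names.
     *
     * @access protected
     * @static
     * @param  string $filename
     * @param  string $data
     * @throws Exception code 13 if the data cannot be written completely
     * @return string path of the written file
     */
    protected static function _store($filename, $data)
    {
        self::_initialize();
        $file         = self::$_path . DIRECTORY_SEPARATOR . $filename;
        $writtenBytes = @file_put_contents($file, $data, LOCK_EX);
        if ($writtenBytes === false || $writtenBytes < strlen($data)) {
            throw new Exception('unable to write to file ' . $file, 13);
        }

        // protect file access
        // Scrutinizer reported the original `@chmod($file, 0640);` on this
        // line as a "Security Best Practice" issue: the error was suppressed
        // and the return value never checked, so a file that kept the wider
        // permissions it was created with went unnoticed. The result is now
        // checked explicitly. The failure is logged rather than thrown,
        // because the data is already on disk and tightening the mode was a
        // best-effort step in the original code.
        if (@chmod($file, 0640) === false) {
            error_log('unable to restrict permissions of file ' . $file);
        }
        return $file;
    }
}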