Inspection of "ne pas accepter un test_dir avec des .. dedans lor..." - spip/SPIP - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( bd12d7...8ea94c )

by cam

created 2022-04-14 09:08 UTC

Status

Indentation +118 added lines, -118 removed lines patch added patch discarded remove patch

@@ -11,11 +11,11 @@  discard block
 block discarded – undo
 \***************************************************************************/
 
 if (!defined('_ECRIRE_INC_VERSION')) {
-	return;
+    return;
 }
 
 if (defined('_TEST_DIRS')) {
-	return;
+    return;
 }
 define('_TEST_DIRS', '1');
 
@@ -26,42 +26,42 @@  discard block
 block discarded – undo
 // Tente d'ecrire
 //
 function test_ecrire($my_dir) {
-	static $chmod = 0;
-
-	$ok = false;
-	$script = @file_exists('spip_loader.php') ? 'spip_loader.php' : $_SERVER['PHP_SELF'];
-	$self = basename($script);
-	$uid = @fileowner('.');
-	$uid2 = @fileowner($self);
-	$gid = @filegroup('.');
-	$gid2 = @filegroup($self);
-	$perms = @fileperms($self);
-
-	// Comparer l'appartenance d'un fichier cree par PHP
-	// avec celle du script et du repertoire courant
-	if (!$chmod) {
-		@rmdir('test');
-		spip_unlink('test'); // effacer au cas ou
-		@touch('test');
-		if ($uid > 0 && $uid == $uid2 && @fileowner('test') == $uid) {
-			$chmod = 0700;
-		} else {
-			if ($gid > 0 && $gid == $gid2 && @filegroup('test') == $gid) {
-				$chmod = 0770;
-			} else {
-				$chmod = 0777;
-			}
-		}
-		// Appliquer de plus les droits d'acces du script
-		if ($perms > 0) {
-			$perms = ($perms & 0777) | (($perms & 0444) >> 2);
-			$chmod |= $perms;
-		}
-		spip_unlink('test');
-	}
-	$ok = is_dir($my_dir) && is_writable($my_dir);
-
-	return $ok ? $chmod : false;
+    static $chmod = 0;
+
+    $ok = false;
+    $script = @file_exists('spip_loader.php') ? 'spip_loader.php' : $_SERVER['PHP_SELF'];
+    $self = basename($script);
+    $uid = @fileowner('.');
+    $uid2 = @fileowner($self);
+    $gid = @filegroup('.');
+    $gid2 = @filegroup($self);
+    $perms = @fileperms($self);
+
+    // Comparer l'appartenance d'un fichier cree par PHP
+    // avec celle du script et du repertoire courant
+    if (!$chmod) {
+        @rmdir('test');
+        spip_unlink('test'); // effacer au cas ou
+        @touch('test');
+        if ($uid > 0 && $uid == $uid2 && @fileowner('test') == $uid) {
+            $chmod = 0700;
+        } else {
+            if ($gid > 0 && $gid == $gid2 && @filegroup('test') == $gid) {
+                $chmod = 0770;
+            } else {
+                $chmod = 0777;
+            }
+        }
+        // Appliquer de plus les droits d'acces du script
+        if ($perms > 0) {
+            $perms = ($perms & 0777) | (($perms & 0444) >> 2);
+            $chmod |= $perms;
+        }
+        spip_unlink('test');
+    }
+    $ok = is_dir($my_dir) && is_writable($my_dir);
+
+    return $ok ? $chmod : false;
 }
 
 //
@@ -71,84 +71,84 @@  discard block
 block discarded – undo
 
 function install_etape_chmod_dist() {
 
-	$continuer = null;
-	$test_dir = _request('test_dir');
-	$chmod = 0;
-
-	if ($test_dir and strpos($test_dir, '..') === false) {
-		if (substr($test_dir, -1) !== '/') {
-			$test_dir .= '/';
-		}
-		if (!in_array($test_dir, $GLOBALS['test_dirs'])) {
-			$GLOBALS['test_dirs'][] = _DIR_RACINE . $test_dir;
-		}
-	} else {
-		if (!_FILE_CONNECT) {
-			$GLOBALS['test_dirs'][] = _DIR_CONNECT;
-			$GLOBALS['test_dirs'][] = _DIR_CHMOD;
-		}
-	}
-
-	$bad_dirs = [];
-	$absent_dirs = [];
-
-	foreach ($GLOBALS['test_dirs'] as $i => $my_dir) {
-		$test = test_ecrire($my_dir);
-		if (!$test) {
-			$m = preg_replace(',^' . _DIR_RACINE . ',', '', $my_dir);
-			if (@file_exists($my_dir)) {
-				$bad_dirs['<li>' . $m . '</li>'] = 1;
-			} else {
-				$absent_dirs['<li>' . $m . '</li>'] = 1;
-			}
-		} else {
-			$chmod = max($chmod, $test);
-		}
-	}
-
-	if ($bad_dirs or $absent_dirs) {
-		if (!_FILE_CONNECT) {
-			$titre = _T('dirs_preliminaire');
-			$continuer = ' ' . _T('dirs_commencer') . '.';
-		} else {
-			$titre = _T('dirs_probleme_droits');
-		}
-
-
-		$res = "<div align='right'>" . menu_langues('var_lang_ecrire') . "</div>\n";
-
-		if ($bad_dirs) {
-			$res .=
-				_T(
-					'dirs_repertoires_suivants',
-					['bad_dirs' => join("\n", array_keys($bad_dirs))]
-				) .
-				'<b>' . _T('login_recharger') . '</b>.';
-		}
-
-		if ($absent_dirs) {
-			$res .=
-				_T(
-					'dirs_repertoires_absents',
-					['bad_dirs' => join("\n", array_keys($absent_dirs))]
-				) .
-				'<b>' . _T('login_recharger') . '</b>.';
-		}
-		$res = '<p>' . $continuer . $res . aider('install0', true) . '</p>';
-
-		$t = _T('login_recharger');
-		$t = (!$test_dir ? '' :
-				"<input type='hidden' name='test_dir' value='" . spip_htmlspecialchars($test_dir, ENT_QUOTES) . "' />")
-			. "<input type='hidden' name='etape' value='chmod' />"
-			. "<div style='text-align: right'><input type='submit' value='" . attribut_html($t) . "' /></div>";
-
-		echo minipres($titre, $res . generer_form_ecrire('install', $t));
-	} else {
-		$deja = (_FILE_CONNECT and analyse_fichier_connection(_FILE_CONNECT));
-		if (!$deja) {
-			redirige_url_ecrire('install', 'etape=1&chmod=' . $chmod);
-		} else {
-			redirige_url_ecrire();
-		}
-	}
+    $continuer = null;
+    $test_dir = _request('test_dir');
+    $chmod = 0;
+
+    if ($test_dir and strpos($test_dir, '..') === false) {
+        if (substr($test_dir, -1) !== '/') {
+            $test_dir .= '/';
+        }
+        if (!in_array($test_dir, $GLOBALS['test_dirs'])) {
+            $GLOBALS['test_dirs'][] = _DIR_RACINE . $test_dir;
+        }
+    } else {
+        if (!_FILE_CONNECT) {
+            $GLOBALS['test_dirs'][] = _DIR_CONNECT;
+            $GLOBALS['test_dirs'][] = _DIR_CHMOD;
+        }
+    }
+
+    $bad_dirs = [];
+    $absent_dirs = [];
+
+    foreach ($GLOBALS['test_dirs'] as $i => $my_dir) {
+        $test = test_ecrire($my_dir);
+        if (!$test) {
+            $m = preg_replace(',^' . _DIR_RACINE . ',', '', $my_dir);
+            if (@file_exists($my_dir)) {
+                $bad_dirs['<li>' . $m . '</li>'] = 1;
+            } else {
+                $absent_dirs['<li>' . $m . '</li>'] = 1;
+            }
+        } else {
+            $chmod = max($chmod, $test);
+        }
+    }
+
+    if ($bad_dirs or $absent_dirs) {
+        if (!_FILE_CONNECT) {
+            $titre = _T('dirs_preliminaire');
+            $continuer = ' ' . _T('dirs_commencer') . '.';
+        } else {
+            $titre = _T('dirs_probleme_droits');
+        }
+
+
+        $res = "<div align='right'>" . menu_langues('var_lang_ecrire') . "</div>\n";
+
+        if ($bad_dirs) {
+            $res .=
+                _T(
+                    'dirs_repertoires_suivants',
+                    ['bad_dirs' => join("\n", array_keys($bad_dirs))]
+                ) .
+                '<b>' . _T('login_recharger') . '</b>.';
+        }
+
+        if ($absent_dirs) {
+            $res .=
+                _T(
+                    'dirs_repertoires_absents',
+                    ['bad_dirs' => join("\n", array_keys($absent_dirs))]
+                ) .
+                '<b>' . _T('login_recharger') . '</b>.';
+        }
+        $res = '<p>' . $continuer . $res . aider('install0', true) . '</p>';
+
+        $t = _T('login_recharger');
+        $t = (!$test_dir ? '' :
+                "<input type='hidden' name='test_dir' value='" . spip_htmlspecialchars($test_dir, ENT_QUOTES) . "' />")
+            . "<input type='hidden' name='etape' value='chmod' />"
+            . "<div style='text-align: right'><input type='submit' value='" . attribut_html($t) . "' /></div>";
+
+        echo minipres($titre, $res . generer_form_ecrire('install', $t));
+    } else {
+        $deja = (_FILE_CONNECT and analyse_fichier_connection(_FILE_CONNECT));
+        if (!$deja) {
+            redirige_url_ecrire('install', 'etape=1&chmod=' . $chmod);
+        } else {
+            redirige_url_ecrire();
+        }
+    }
 }

Please login to merge, or discard this patch.

		@@ -11,11 +11,11 @@ discard block
		block discarded – undo
11	11	\***************************************************************************/
12	12
13	13	if (!defined('_ECRIRE_INC_VERSION')) {
14		- return;
	14	+ return;
15	15	}
16	16
17	17	if (defined('_TEST_DIRS')) {
18		- return;
	18	+ return;
19	19	}
20	20	define('_TEST_DIRS', '1');
21	21
		@@ -26,42 +26,42 @@ discard block
		block discarded – undo
26	26	// Tente d'ecrire
27	27	//
28	28	function test_ecrire($my_dir) {
29		- static $chmod = 0;
30		-
31		- $ok = false;
32		- $script = @file_exists('spip_loader.php') ? 'spip_loader.php' : $_SERVER['PHP_SELF'];
33		- $self = basename($script);
34		- $uid = @fileowner('.');
35		- $uid2 = @fileowner($self);
36		- $gid = @filegroup('.');
37		- $gid2 = @filegroup($self);
38		- $perms = @fileperms($self);
39		-
40		- // Comparer l'appartenance d'un fichier cree par PHP
41		- // avec celle du script et du repertoire courant
42		- if (!$chmod) {
43		- @rmdir('test');
44		- spip_unlink('test'); // effacer au cas ou
45		- @touch('test');
46		- if ($uid > 0 && $uid == $uid2 && @fileowner('test') == $uid) {
47		- $chmod = 0700;
48		- } else {
49		- if ($gid > 0 && $gid == $gid2 && @filegroup('test') == $gid) {
50		- $chmod = 0770;
51		- } else {
52		- $chmod = 0777;
53		- }
54		- }
55		- // Appliquer de plus les droits d'acces du script
56		- if ($perms > 0) {
57		- $perms = ($perms & 0777) \| (($perms & 0444) >> 2);
58		- $chmod \|= $perms;
59		- }
60		- spip_unlink('test');
61		- }
62		- $ok = is_dir($my_dir) && is_writable($my_dir);
63		-
64		- return $ok ? $chmod : false;
	29	+ static $chmod = 0;
	30	+
	31	+ $ok = false;
	32	+ $script = @file_exists('spip_loader.php') ? 'spip_loader.php' : $_SERVER['PHP_SELF'];
	33	+ $self = basename($script);
	34	+ $uid = @fileowner('.');
	35	+ $uid2 = @fileowner($self);
	36	+ $gid = @filegroup('.');
	37	+ $gid2 = @filegroup($self);
	38	+ $perms = @fileperms($self);
	39	+
	40	+ // Comparer l'appartenance d'un fichier cree par PHP
	41	+ // avec celle du script et du repertoire courant
	42	+ if (!$chmod) {
	43	+ @rmdir('test');
	44	+ spip_unlink('test'); // effacer au cas ou
	45	+ @touch('test');
	46	+ if ($uid > 0 && $uid == $uid2 && @fileowner('test') == $uid) {
	47	+ $chmod = 0700;
	48	+ } else {
	49	+ if ($gid > 0 && $gid == $gid2 && @filegroup('test') == $gid) {
	50	+ $chmod = 0770;
	51	+ } else {
	52	+ $chmod = 0777;
	53	+ }
	54	+ }
	55	+ // Appliquer de plus les droits d'acces du script
	56	+ if ($perms > 0) {
	57	+ $perms = ($perms & 0777) \| (($perms & 0444) >> 2);
	58	+ $chmod \|= $perms;
	59	+ }
	60	+ spip_unlink('test');
	61	+ }
	62	+ $ok = is_dir($my_dir) && is_writable($my_dir);
	63	+
	64	+ return $ok ? $chmod : false;
65	65	}
66	66
67	67	//
		@@ -71,84 +71,84 @@ discard block
		block discarded – undo
71	71
72	72	function install_etape_chmod_dist() {
73	73
74		- $continuer = null;
75		- $test_dir = _request('test_dir');
76		- $chmod = 0;
77		-
78		- if ($test_dir and strpos($test_dir, '..') === false) {
79		- if (substr($test_dir, -1) !== '/') {
80		- $test_dir .= '/';
81		- }
82		- if (!in_array($test_dir, $GLOBALS['test_dirs'])) {
83		- $GLOBALS['test_dirs'][] = _DIR_RACINE . $test_dir;
84		- }
85		- } else {
86		- if (!_FILE_CONNECT) {
87		- $GLOBALS['test_dirs'][] = _DIR_CONNECT;
88		- $GLOBALS['test_dirs'][] = _DIR_CHMOD;
89		- }
90		- }
91		-
92		- $bad_dirs = [];
93		- $absent_dirs = [];
94		-
95		- foreach ($GLOBALS['test_dirs'] as $i => $my_dir) {
96		- $test = test_ecrire($my_dir);
97		- if (!$test) {
98		- $m = preg_replace(',^' . _DIR_RACINE . ',', '', $my_dir);
99		- if (@file_exists($my_dir)) {
100		- $bad_dirs['<li>' . $m . '</li>'] = 1;
101		- } else {
102		- $absent_dirs['<li>' . $m . '</li>'] = 1;
103		- }
104		- } else {
105		- $chmod = max($chmod, $test);
106		- }
107		- }
108		-
109		- if ($bad_dirs or $absent_dirs) {
110		- if (!_FILE_CONNECT) {
111		- $titre = _T('dirs_preliminaire');
112		- $continuer = ' ' . _T('dirs_commencer') . '.';
113		- } else {
114		- $titre = _T('dirs_probleme_droits');
115		- }
116		-
117		-
118		- $res = "<div align='right'>" . menu_langues('var_lang_ecrire') . "</div>\n";
119		-
120		- if ($bad_dirs) {
121		- $res .=
122		- _T(
123		- 'dirs_repertoires_suivants',
124		- ['bad_dirs' => join("\n", array_keys($bad_dirs))]
125		- ) .
126		- '<b>' . _T('login_recharger') . '</b>.';
127		- }
128		-
129		- if ($absent_dirs) {
130		- $res .=
131		- _T(
132		- 'dirs_repertoires_absents',
133		- ['bad_dirs' => join("\n", array_keys($absent_dirs))]
134		- ) .
135		- '<b>' . _T('login_recharger') . '</b>.';
136		- }
137		- $res = '<p>' . $continuer . $res . aider('install0', true) . '</p>';
138		-
139		- $t = _T('login_recharger');
140		- $t = (!$test_dir ? '' :
141		- "<input type='hidden' name='test_dir' value='" . spip_htmlspecialchars($test_dir, ENT_QUOTES) . "' />")
142		- . "<input type='hidden' name='etape' value='chmod' />"
143		- . "<div style='text-align: right'><input type='submit' value='" . attribut_html($t) . "' /></div>";
144		-
145		- echo minipres($titre, $res . generer_form_ecrire('install', $t));
146		- } else {
147		- $deja = (_FILE_CONNECT and analyse_fichier_connection(_FILE_CONNECT));
148		- if (!$deja) {
149		- redirige_url_ecrire('install', 'etape=1&chmod=' . $chmod);
150		- } else {
151		- redirige_url_ecrire();
152		- }
153		- }
	74	+ $continuer = null;
	75	+ $test_dir = _request('test_dir');
	76	+ $chmod = 0;
	77	+
	78	+ if ($test_dir and strpos($test_dir, '..') === false) {
	79	+ if (substr($test_dir, -1) !== '/') {
	80	+ $test_dir .= '/';
	81	+ }
	82	+ if (!in_array($test_dir, $GLOBALS['test_dirs'])) {
	83	+ $GLOBALS['test_dirs'][] = _DIR_RACINE . $test_dir;
	84	+ }
	85	+ } else {
	86	+ if (!_FILE_CONNECT) {
	87	+ $GLOBALS['test_dirs'][] = _DIR_CONNECT;
	88	+ $GLOBALS['test_dirs'][] = _DIR_CHMOD;
	89	+ }
	90	+ }
	91	+
	92	+ $bad_dirs = [];
	93	+ $absent_dirs = [];
	94	+
	95	+ foreach ($GLOBALS['test_dirs'] as $i => $my_dir) {
	96	+ $test = test_ecrire($my_dir);
	97	+ if (!$test) {
	98	+ $m = preg_replace(',^' . _DIR_RACINE . ',', '', $my_dir);
	99	+ if (@file_exists($my_dir)) {
	100	+ $bad_dirs['<li>' . $m . '</li>'] = 1;
	101	+ } else {
	102	+ $absent_dirs['<li>' . $m . '</li>'] = 1;
	103	+ }
	104	+ } else {
	105	+ $chmod = max($chmod, $test);
	106	+ }
	107	+ }
	108	+
	109	+ if ($bad_dirs or $absent_dirs) {
	110	+ if (!_FILE_CONNECT) {
	111	+ $titre = _T('dirs_preliminaire');
	112	+ $continuer = ' ' . _T('dirs_commencer') . '.';
	113	+ } else {
	114	+ $titre = _T('dirs_probleme_droits');
	115	+ }
	116	+
	117	+
	118	+ $res = "<div align='right'>" . menu_langues('var_lang_ecrire') . "</div>\n";
	119	+
	120	+ if ($bad_dirs) {
	121	+ $res .=
	122	+ _T(
	123	+ 'dirs_repertoires_suivants',
	124	+ ['bad_dirs' => join("\n", array_keys($bad_dirs))]
	125	+ ) .
	126	+ '<b>' . _T('login_recharger') . '</b>.';
	127	+ }
	128	+
	129	+ if ($absent_dirs) {
	130	+ $res .=
	131	+ _T(
	132	+ 'dirs_repertoires_absents',
	133	+ ['bad_dirs' => join("\n", array_keys($absent_dirs))]
	134	+ ) .
	135	+ '<b>' . _T('login_recharger') . '</b>.';
	136	+ }
	137	+ $res = '<p>' . $continuer . $res . aider('install0', true) . '</p>';
	138	+
	139	+ $t = _T('login_recharger');
	140	+ $t = (!$test_dir ? '' :
	141	+ "<input type='hidden' name='test_dir' value='" . spip_htmlspecialchars($test_dir, ENT_QUOTES) . "' />")
	142	+ . "<input type='hidden' name='etape' value='chmod' />"
	143	+ . "<div style='text-align: right'><input type='submit' value='" . attribut_html($t) . "' /></div>";
	144	+
	145	+ echo minipres($titre, $res . generer_form_ecrire('install', $t));
	146	+ } else {
	147	+ $deja = (_FILE_CONNECT and analyse_fichier_connection(_FILE_CONNECT));
	148	+ if (!$deja) {
	149	+ redirige_url_ecrire('install', 'etape=1&chmod=' . $chmod);
	150	+ } else {
	151	+ redirige_url_ecrire();
	152	+ }
	153	+ }
154	154	}

spip / SPIP

Push — master ( bd12d7...8ea94c )

Status

Category

Indentation +118 added lines, -118 removed lines patch added patch discarded remove patch