holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

"- fix for bug #1817: file in a searchable directory was always readable

Browse Source 
- changed chgrp and chmod, to allow admins to modify files/dirs owned by root"
This commit is contained in:
Ralf Becker 2008-11-09 16:10:36 +00:00
parent 96e773777f
commit 9d9bd270a2
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
phpgwapi/inc/class.sqlfs_stream_wrapper.inc.php
View File

@ -227,13 +227,15 @@ class sqlfs_stream_wrapper implements iface_stream_wrapper
} }
else else
{ {
if ($mode != 'r' && !egw_vfs::check_access($url,egw_vfs::WRITABLE,$stat)) // we are not allowed to edit it if ($mode == 'r' && !egw_vfs::check_access($url,egw_vfs::READABLE ,$stat) ||// we are not allowed to read
$mode != 'r' && !egw_vfs::check_access($url,egw_vfs::WRITABLE,$stat)) // or edit it
{ {
self::_remove_password($url); self::_remove_password($url);
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) file can not be edited!"); $op = $mode == 'r' ? 'read' : 'edited';
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$mode,$options) file can not be $op!");
if (!($options & STREAM_URL_STAT_QUIET)) if (!($options & STREAM_URL_STAT_QUIET))
{ {
trigger_error(__METHOD__."($url,$mode,$options) file can not be edited!",E_USER_WARNING); trigger_error(__METHOD__."($url,$mode,$options) file can not be $op!",E_USER_WARNING);
} }
$this->opened_stream = $this->opened_path = $this->opened_mode = null; $this->opened_stream = $this->opened_path = $this->opened_mode = null;
return false; return false;
@ -790,7 +792,7 @@ class sqlfs_stream_wrapper implements iface_stream_wrapper
trigger_error("No such file or directory $url !",E_USER_WARNING); trigger_error("No such file or directory $url !",E_USER_WARNING);
return false; return false;
} }
if (!egw_vfs::$is_root && $stat['uid'] != egw_vfs::$user) if (!egw_vfs::has_owner_rights($path,$stat))
{ {
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$owner) only owner or root can do that!"); if (self::LOG_LEVEL) error_log(__METHOD__."($url,$owner) only owner or root can do that!");
trigger_error("Only owner or root can do that!",E_USER_WARNING); trigger_error("Only owner or root can do that!",E_USER_WARNING);
@ -831,7 +833,7 @@ class sqlfs_stream_wrapper implements iface_stream_wrapper
trigger_error("No such file or directory $url !",E_USER_WARNING); trigger_error("No such file or directory $url !",E_USER_WARNING);
return false; return false;
} }
if (!egw_vfs::$is_root && $stat['uid'] != egw_vfs::$user) if (!egw_vfs::has_owner_rights($path,$stat))
{ {
if (self::LOG_LEVEL) error_log(__METHOD__."($url,$owner) only owner or root can do that!"); if (self::LOG_LEVEL) error_log(__METHOD__."($url,$owner) only owner or root can do that!");
trigger_error("Only owner or root can do that!",E_USER_WARNING); trigger_error("Only owner or root can do that!",E_USER_WARNING);