chmod 0775 directories we create

Security for the 'g+rx' should be handle by having the parent directory
inaccessible for global users, which is usually the case.

diff --git a/lib/gnusocial.php b/lib/gnusocial.php
index 3450b048883918e675238e31c3e55e9a02ef4ed5..789cece2bea924d2c04e35a60e3e926df000e762 100644 (file)
--- a/lib/gnusocial.php
+++ b/lib/gnusocial.php
@@ -461,6 +461,9 @@ class GNUsocial
             if (!mkdir($dir)) {
                 throw new ConfigException('Could not create directory for '._ve($description).': '._ve($dir));
             }
+            if (!chmod($dir, 0775)) {
+                common_log(LOG_WARNING, 'Could not chmod 0775 on directory for '._ve($description).': '._ve($dir));
+            }
         }
 
         if (!is_array(common_config('public', 'autosource'))) {