From de4993bdd2170972f3c004bf7473bfd2032c2dda Mon Sep 17 00:00:00 2001
From: Roland Haeder
Date: Tue, 26 May 2015 21:33:07 +0200
Subject: [PATCH] Introduced isReachableFilePath() and isReadableFile().
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Roland Häder
---
 .../main/class_BaseFrameworkSystem.php | 57 ++++++++++++++++++-
 .../class_FrameworkRawFileInputPointer.php | 11 ++--
 .../class_FrameworkTextFileInputPointer.php | 11 ++--
 .../class_FrameworkFileInputOutputPointer.php | 9 ++-
 .../main/images/extended/class_PngImage.php | 2 +-
 inc/classes/main/scrypt/class_Scrypt.php | 2 +-
 inc/database.php | 4 +-
 inc/loader/class_ClassLoader.php | 4 +-
 inc/selector.php | 2 +-
 9 files changed, 79 insertions(+), 23 deletions(-)
diff --git a/inc/classes/main/class_BaseFrameworkSystem.php b/inc/classes/main/class_BaseFrameworkSystem.php
index 026a06ba..f4d7d678 100644
--- a/inc/classes/main/class_BaseFrameworkSystem.php
+++ b/inc/classes/main/class_BaseFrameworkSystem.php
@@ -346,9 +346,11 @@ class BaseFrameworkSystem extends stdClass implements FrameworkInterface {
 const EXCEPTION_FATAL_ERROR = 0x035;
 const EXCEPTION_FILE_NOT_FOUND = 0x036;
 const EXCEPTION_ASSERTION_FAILED = 0x037;
- const EXCEPTION_FILE_CANNOT_BE_READ = 0x038;
- const EXCEPTION_DATABASE_UPDATED_NOT_ALLOWED = 0x039;
- const EXCEPTION_FILTER_CHAIN_INTERCEPTED = 0x03a;
+ const EXCEPTION_FILE_NOT_REACHABLE = 0x038;
+ const EXCEPTION_FILE_CANNOT_BE_READ = 0x039;
+ const EXCEPTION_FILE_CANNOT_BE_WRITTEN = 0x03a;
+ const EXCEPTION_DATABASE_UPDATED_NOT_ALLOWED = 0x03b;
+ const EXCEPTION_FILTER_CHAIN_INTERCEPTED = 0x03c;
 /**
 * Hexadecimal->Decimal translation array
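Review bot: Inserting the two new codes in the middle of the list changes the numeric value of three existing constants: `EXCEPTION_FILE_CANNOT_BE_READ` moves from 0x038 to 0x039, `EXCEPTION_DATABASE_UPDATED_NOT_ALLOWED` from 0x039 to 0x03b and `EXCEPTION_FILTER_CHAIN_INTERCEPTED` from 0x03a to 0x03c. Anything that matches on the number rather than the constant name (stored log entries, monitoring rules, client-side handling) would then attribute an event to the wrong error. Appending instead keeps the old values stable: `const EXCEPTION_FILE_NOT_REACHABLE = 0x03b;` and `const EXCEPTION_FILE_CANNOT_BE_WRITTEN = 0x03c;` after the existing 0x03a entry.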
@@ -3225,6 +3227,55 @@ class BaseFrameworkSystem extends stdClass implements FrameworkInterface {
 //* NOISY-DEBUG */ self::createDebugInstance(__CLASS__)->debugOutput('packed=' . $packed . ' - EXIT!');
 return $packed;
 }
+
+ /**
+ * Checks whether the given file/path is in open_basedir(). This does not
+ * gurantee that the file is actually readable and/or writeable. If you need
+ * such gurantee then please use isReadableFile() instead.
+ *
+ * @param $filePathName Name of the file/path to be checked
+ * @return $isReachable Whether it is within open_basedir()
+ */
+ public static function isReachableFilePath ($filePathName) {
+ // Is not reachable by default
+ $isReachable = FALSE;
+
+ // Get open_basedir parameter
+ $openBaseDir = ini_get('open_basedir');
+
+ // Is it set?
+ if (!empty($openBaseDir)) {
+ // Check all entries
+ foreach (explode(PATH_SEPARATOR, $openBaseDir) as $dir) {
+ // Check on existence
+ if (substr($filePathName, 0, strlen($dir)) == $dir) {
+ // Is reachable
+ $isReachable = TRUE;
+ } // END - if
+ } // END - foreach
+ } // END - if
+
+ // Return status
+ return $isReachable;
+ }
+
+ /**
+ * Checks whether the give file is within open_basedir() (done by
+ * isReachableFilePath()), is actually a file and is readable.
+ *
+ * @param $fileName Name of the file to be checked
+ * @return $isReadable Whether the file is readable (and therefor exists)
+ */
+ public static function isReadableFile ($fileName) {
+ // Default is not readable
+ $isReadable = FALSE;
+
+ // Is within parameters, so check if it is a file and readable
+ $isReadable = ((self::isReachableFilePath($fileName)) && (is_file($fileName)) && (is_readable($fileName)));
+
+ // Return status
+ return $isReadable;
+ }
 }
 // [EOF]
diff --git a/inc/classes/main/file_directories/input/raw/class_FrameworkRawFileInputPointer.php b/inc/classes/main/file_directories/input/raw/class_FrameworkRawFileInputPointer.php
index 37f5adb2..a3b37020 100644
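Review bot: isReachableFilePath() returns FALSE whenever open_basedir is empty, because `$isReachable` is only set inside `if (!empty($openBaseDir))`; on an installation without that restriction every path is reported unreachable, so isReadableFile() and the callers converted in this patch (the file pointers, database.php, selector.php, ClassLoader) treat existing files as missing. The comparison `substr($filePathName, 0, strlen($dir)) == $dir` is also a raw string prefix test: it does not stop at a directory boundary and does not resolve `..` segments, relative paths or symlinks, so its result should not be relied on as a containment check. The sketch below treats an empty setting as unrestricted, resolves the path before comparing, fails closed when it cannot be resolved, and matches only on a directory separator.

```php
public static function isReachableFilePath ($filePathName) {
	// Get open_basedir parameter
	$openBaseDir = ini_get('open_basedir');

	// No restriction configured, so every path is reachable
	if (empty($openBaseDir)) {
		return TRUE;
	} // END - if

	// Resolve '..' segments and symlinks; for a file that does not exist yet, resolve its directory
	$resolved = realpath($filePathName);
	if ($resolved === FALSE) {
		$parent = realpath(dirname($filePathName));
		if ($parent === FALSE) {
			// Cannot be resolved, treat as not reachable
			return FALSE;
		} // END - if
		$resolved = $parent . DIRECTORY_SEPARATOR . basename($filePathName);
	} // END - if

	// Check all entries
	foreach (explode(PATH_SEPARATOR, $openBaseDir) as $dir) {
		// Compare on a directory boundary, not on a bare string prefix
		$base = rtrim($dir, DIRECTORY_SEPARATOR);
		if (($resolved === $base) || (strpos($resolved, $base . DIRECTORY_SEPARATOR) === 0)) {
			return TRUE;
		} // END - if
	} // END - foreach

	// Outside all configured entries
	return FALSE;
}
```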
--- a/inc/classes/main/file_directories/input/raw/class_FrameworkRawFileInputPointer.php
+++ b/inc/classes/main/file_directories/input/raw/class_FrameworkRawFileInputPointer.php
@@ -37,8 +37,9 @@ class FrameworkRawFileInputPointer extends BaseFileIo implements InputPointer {
 * be verified here.
 *
 * @param $fileName The file name we shall pass to fopen()
- * @throws FileIsEmptyException If the provided file name is empty.
- * @throws FileIoException If fopen() returns not a file resource
+ * @throws FileIsEmptyException If the provided file name is empty.
+ * @throws FileIoException If the file is not reachable
+ * @throws FileReadProtectedException If the file is not found or cannot be read
 * @return void
 */
 public static final function createFrameworkRawFileInputPointer ($fileName) {
@@ -46,10 +47,10 @@ class FrameworkRawFileInputPointer extends BaseFileIo implements InputPointer {
 if ((is_null($fileName)) || (empty($fileName))) {
 // No filename given
 throw new FileIsEmptyException(NULL, self::EXCEPTION_UNEXPECTED_EMPTY_STRING);
- } elseif (!file_exists($fileName)) {
+ } elseif (!BaseFrameworkSystem::isReachableFilePath($fileName)) {
 // File does not exist!
- throw new FileIoException($fileName, self::EXCEPTION_FILE_NOT_FOUND);
- } elseif (!is_readable($fileName)) {
+ throw new FileIoException($fileName, self::EXCEPTION_FILE_NOT_REACHABLE);
+ } elseif (!BaseFrameworkSystem::isReadableFile($fileName)) {
 // File does not exist!
 throw new FileReadProtectedException($fileName, self::EXCEPTION_FILE_CANNOT_BE_READ);
 }
diff --git a/inc/classes/main/file_directories/input/text/class_FrameworkTextFileInputPointer.php b/inc/classes/main/file_directories/input/text/class_FrameworkTextFileInputPointer.php
index 5338fe32..fa238a54 100644
--- a/inc/classes/main/file_directories/input/text/class_FrameworkTextFileInputPointer.php
+++ b/inc/classes/main/file_directories/input/text/class_FrameworkTextFileInputPointer.php
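Review bot: The two `// File does not exist!` comments kept as context no longer describe the branches they sit in: the first branch now means the path is outside open_basedir, the second covers a missing file, a non-regular file and an unreadable file together. A missing file therefore surfaces as FileReadProtectedException with EXCEPTION_FILE_CANNOT_BE_READ instead of FileIoException with EXCEPTION_FILE_NOT_FOUND, which callers that distinguish "absent" from "permission denied" need to know about. I would change the comments to `// File is outside open_basedir` and `// File is missing, not a regular file or not readable`. The same applies to the createFrameworkTextFileInputPointer hunk; both function bodies continue past the hunk.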
@@ -37,8 +37,9 @@ class FrameworkTextFileInputPointer extends BaseFileIo implements InputPointer {
 * be verified here.
 *
 * @param $fileName The file name we shall pass to fopen()
- * @throws FileIsEmptyException If the provided file name is empty.
- * @throws FileIoException If fopen() returns not a file resource
+ * @throws FileIsEmptyException If the provided file name is empty.
+ * @throws FileIoException If the file is not reachable
+ * @throws FileReadProtectedException If the file cannot be read from
 * @return void
 */
 public static final function createFrameworkTextFileInputPointer ($fileName) {
@@ -46,10 +47,10 @@ class FrameworkTextFileInputPointer extends BaseFileIo implements InputPointer {
 if ((is_null($fileName)) || (empty($fileName))) {
 // No filename given
 throw new FileIsEmptyException(NULL, self::EXCEPTION_UNEXPECTED_EMPTY_STRING);
- } elseif (!file_exists($fileName)) {
+ } elseif (!BaseFrameworkSystem::isReachableFilePath($fileName)) {
 // File does not exist!
- throw new FileIoException($fileName, self::EXCEPTION_FILE_NOT_FOUND);
- } elseif (!is_readable($fileName)) {
+ throw new FileIoException($fileName, self::EXCEPTION_FILE_NOT_REACHABLE);
+ } elseif (!BaseFrameworkSystem::isReadableFile($fileName)) {
 // File does not exist!
 throw new FileReadProtectedException($fileName, self::EXCEPTION_FILE_CANNOT_BE_READ);
 }
diff --git a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
index fc4d780c..edf9f572 100644
--- a/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
+++ b/inc/classes/main/file_directories/io/class_FrameworkFileInputOutputPointer.php
@@ -48,12 +48,15 @@ class FrameworkFileInputOutputPointer extends BaseFileIo implements InputOutputP
 if ((is_null($fileName)) || (empty($fileName))) {
 // No filename given
 throw new FileIsEmptyException(NULL, self::EXCEPTION_UNEXPECTED_EMPTY_STRING);
- } elseif ((file_exists($fileName)) && (!is_readable($fileName))) {
+ } elseif (!BaseFrameworkSystem::isReachableFilePath($fileName)) {
+ // File exists but cannot be read
+ throw new FileIoException($fileName, self::EXCEPTION_FILE_NOT_REACHABLE);
+ } elseif (!BaseFrameworkSystem::isReadableFile($fileName)) {
 // File exists but cannot be read
 throw new FileReadProtectedException($fileName, self::EXCEPTION_FILE_CANNOT_BE_READ);
- } elseif ((file_exists($fileName)) && (!is_writable($fileName))) {
+ } elseif (!is_writable($fileName)) {
 // File exists but cannot be written
- throw new FileWriteProtectedException($fileName, self::EXCEPTION_FILE_CANNOT_BE_READ);
+ throw new FileWriteProtectedException($fileName, self::EXCEPTION_FILE_CANNOT_BE_WRITTEN);
 }
 // Try to open a handler
diff --git a/inc/classes/main/images/extended/class_PngImage.php b/inc/classes/main/images/extended/class_PngImage.php
index 74f70fb9..ec0b89f1 100644
--- a/inc/classes/main/images/extended/class_PngImage.php
+++ b/inc/classes/main/images/extended/class_PngImage.php
@@ -65,7 +65,7 @@ class PngImage extends BaseImage {
 $cacheFile = $this->getTemplateInstance()->getImageCacheFqfn();
 // Does it exist?
- if (file_exists($cacheFile)) {
+ if (BaseFrameworkSystem::isReadableFile($cacheFile)) {
 // Remove it
 @unlink($cacheFile);
 } // END - if
diff --git a/inc/classes/main/scrypt/class_Scrypt.php b/inc/classes/main/scrypt/class_Scrypt.php
index bcbc5b3e..3bc5d76c 100644
--- a/inc/classes/main/scrypt/class_Scrypt.php
+++ b/inc/classes/main/scrypt/class_Scrypt.php
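Review bot: Dropping the `file_exists($fileName) &&` guards means a file name that does not exist yet is now rejected, since both `!BaseFrameworkSystem::isReadableFile($fileName)` and `!is_writable($fileName)` are true for a missing file. Before this change both checks were skipped for a missing file and execution reached the open call below the hunk; if that call is meant to create the file (its mode is not visible here), this pointer can no longer create new files. Keeping the existence condition on the two permission branches, e.g. `} elseif ((file_exists($fileName)) && (!is_readable($fileName))) {`, preserves that path while still adding the reachability branch. The copied comment `// File exists but cannot be read` above the EXCEPTION_FILE_NOT_REACHABLE throw should read `// File is outside open_basedir`.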
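Review bot: In the PngImage hunk, removal of the stale cache file now depends on the file being readable, which is not what deleting it depends on. A cache file that exists but is not readable by the PHP process is silently left in place, and `@unlink` hides any failure, so an outdated image can keep being served. I would keep the existence test and add only the reachability check: `if ((BaseFrameworkSystem::isReachableFilePath($cacheFile)) && (file_exists($cacheFile))) {`. The enclosing method starts and ends outside the hunk.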
@@ -90,7 +90,7 @@ abstract class Scrypt extends BaseFrameworkSystem
 $buffer_valid = true;
 }
 }
- if (!$buffer_valid && is_readable('/dev/urandom')) {
+ if (!$buffer_valid && BaseFrameworkSystem::isReadableFile('/dev/urandom')) {
 $f = fopen('/dev/urandom', 'r');
 $read = static::strlen($buffer);
 while ($read < $length) {
diff --git a/inc/database.php b/inc/database.php
index dded1695..6b028d36 100644
--- a/inc/database.php
+++ b/inc/database.php
@@ -31,12 +31,12 @@ $databaseInstance = NULL;
 $fqfn = FrameworkConfiguration::getSelfInstance()->getConfigEntry('base_path') . 'inc/database/lib-' . FrameworkConfiguration::getSelfInstance()->getConfigEntry('db_type') . '.php';
 // Load the database layer include
-if ((file_exists($fqfn)) && (is_file($fqfn)) && (is_readable($fqfn))) {
+if (BaseFrameworkSystem::isReadableFile($fqfn)) {
 // Load the layer
 require($fqfn);
 } else {
 // Layer is missing!
- ApplicationEntryPoint::app_exit(sprintf("[Main:] Database layer is missing! (%s) -> R.I.P.",
+ ApplicationEntryPoint::app_exit(sprintf('[Main:] Database layer is missing! (%s) -> R.I.P.',
 FrameworkConfiguration::getSelfInstance()->getConfigEntry('db_type')
 ));
 }
diff --git a/inc/loader/class_ClassLoader.php b/inc/loader/class_ClassLoader.php
index 31fc9de2..11683c49 100644
--- a/inc/loader/class_ClassLoader.php
+++ b/inc/loader/class_ClassLoader.php
@@ -235,7 +235,7 @@ class ClassLoader {
 } // END - if
 // IS the cache there?
- if (file_exists($this->listCacheFQFN)) {
+ if (BaseFrameworkSystem::isReadableFile($this->listCacheFQFN)) {
 // Get content
 $cacheContent = file_get_contents($this->listCacheFQFN);
@@ -247,7 +247,7 @@ class ClassLoader {
 } // END - if
 // Does the class cache exist?
- if (file_exists($this->classCacheFQFN)) {
+ if (BaseFrameworkSystem::isReadableFile($this->listCacheFQFN)) {
 // Then include it
 require($this->classCacheFQFN);
diff --git a/inc/selector.php b/inc/selector.php
index 1010386c..e8dffb2c 100644
--- a/inc/selector.php
+++ b/inc/selector.php
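Review bot: `BaseFrameworkSystem::isReadableFile('/dev/urandom')` will normally be false, because isReadableFile() requires `is_file()` and /dev/urandom is a character device rather than a regular file; it would also have to lie under an open_basedir entry. The /dev/urandom branch is therefore skipped whenever `$buffer_valid` is still false, and the random buffer then comes from whatever fallback follows outside this hunk, which should be checked for being a non-cryptographic generator. I would keep the original `is_readable('/dev/urandom')` test here. It is also worth raising an exception instead of continuing when no strong source has produced `$length` bytes.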
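Review bot: The second ClassLoader hunk tests `$this->listCacheFQFN` but then requires `$this->classCacheFQFN`, which looks like a copy-paste slip from the hunk above it. When the list cache is present and the class cache is not, `require()` aborts the request with a fatal error, and when only the class cache is present it is never loaded. The condition should be `if (BaseFrameworkSystem::isReadableFile($this->classCacheFQFN)) {`. The loader now also calls into BaseFrameworkSystem, so that class has to be available before this method runs; that ordering is not visible in the hunk.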
@@ -59,7 +59,7 @@ foreach ($configAppIncludes as $appInc) {
 $appFqFn = $basePathFile . '/' . $appInc . '.php';
 // Does the include file exists?
- if ((file_exists($appFqFn)) && (is_file($appFqFn)) && (is_readable($appFqFn))) {
+ if (BaseFrameworkSystem::isReadableFile($appFqFn)) {
 // Load it
 //* DEBUG: */ print basename(__FILE__)."[".__LINE__."]: Loading ".basename($appFqFn)." - START\n";
 require($appFqFn);
--
2.30.2