From 1f760f7da5c5160fc2087ba2e40c2fef9abb38ef Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Mon, 12 Nov 2007 15:36:53 +0000
Subject: Safer handling of syntax conversion

---
 it_auto_prepend.php | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/it_auto_prepend.php b/it_auto_prepend.php
index b2a3cec..4d7dcb9 100644
--- a/it_auto_prepend.php
+++ b/it_auto_prepend.php
@@ -19,7 +19,7 @@
 **	along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-define('IT_CONVERT_DIR', "/tmp/it_syntaxconverter");
+unset($GLOBALS['IT_SYNTAXCONVERTER_DIR']);	# Security measure for register_globals on
 
 #$debug_itclassloader = true;
 it_initialize();
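Review bot: The `unset($GLOBALS['IT_SYNTAXCONVERTER_DIR'])` at the top of the file only defends against register_globals if every legitimate assignment to that key happens after this line; the die() message later in this patch tells administrators to set it in `auto_prepend_local.php`, and where that file is included is not visible here, so if it is loaded before this point the configured value is silently discarded and the default-path logic runs instead. I would state the ordering contract in the comment, e.g. `# Security measure for register_globals on; auto_prepend_local.php must be included AFTER this line to take effect`. The top-level code continues outside the hunk.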
@@ -30,6 +30,8 @@ function it_initialize()
 
 	if (!$it_initrecursion++)
 	{
+		$it_path = dirname(__FILE__);
+
 		if ($_SERVER['REMOTE_ADDR'])	# Web?
 		{
 			$GLOBALS['ULTRAHOME'] = dirname($_SERVER['DOCUMENT_ROOT']);
@@ -39,10 +41,19 @@ function it_initialize()
 		else	# Shell
 			$GLOBALS['ULTRAHOME'] = dirname(dirname(preg_match('|^/|', $argv[0]) ? $argv[0] : getcwd() . '/' . $argv[0]));
 
-		$needsconvert = !@eval("return is_array(42=>69,);");	# Check if PHP is patched to support our syntax, see http://cschneid.com/php/
+		$GLOBALS['IT_HOME'] = $GLOBALS['ULTRAHOME'];	# IT_HOME is recommended variable name for applications
+
+		if (!$GLOBALS['IT_SYNTAXCONVERTER_DIR'])
+		{
+			$GLOBALS['IT_SYNTAXCONVERTER_DIR'] = $GLOBALS['IT_HOME'] . "/tmp";
+
+			if (!is_writeable($GLOBALS['IT_SYNTAXCONVERTER_DIR']) || getmyuid() != fileowner($GLOBALS['IT_SYNTAXCONVERTER_DIR']))
+				die("Running in shared environment, set \$GLOBALS['IT_SYNTAXCONVERTER_DIR'] manually in\n$it_path/auto_prepend_local.php to either\n  FALSE (syntax conversion disabled) or\n  a path to a writeable directory (NOTE: /tmp IS UNSAFE!)\n");
+		}
+
+		$needsconvert = ($GLOBALS['IT_SYNTAXCONVERTER_DIR'] !== false) && !@eval("return is_array(42=>69,);");	# Check if PHP is patched to support our syntax, see http://cschneid.com/php/
 
 		$include_path = ini_get('include_path');
-		$it_path = dirname(__FILE__);
 
 		if ($autoloader = function_exists('spl_autoload_register') && spl_autoload_register('it_classloader'))
 		{
@@ -59,7 +70,7 @@ function it_initialize()
 		}
 
 		@set_error_handler("it_errorhandler", E_USER_ERROR | E_RECOVERABLE_ERROR | E_WARNING | E_USER_WARNING | E_NOTICE | E_USER_NOTICE);
-		ini_set('include_path', IT_CONVERT_DIR . ":$it_path:$include_path");
+		ini_set('include_path', $GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter:$it_path:$include_path");
 		$user_includes = explode(":", $include_path);
 
 		# XXX Note: Comment this out if you want system wide include path converted and auto_prepend.php considered
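Review bot: When `IT_SYNTAXCONVERTER_DIR` is FALSE, `$GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter:..."` evaluates to the string `/it_syntaxconverter`, so a non-existent root-level directory becomes the first entry of include_path even though conversion is disabled; the same concatenation is repeated at the `$converted = ...` line in it_convert, which I assume is only reached when `$needsconvert` is true but cannot confirm from this hunk. Only prepend the converter directory when one is configured, e.g. `$convert_path = ($GLOBALS['IT_SYNTAXCONVERTER_DIR'] !== false) ? $GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter:" : "";` followed by `ini_set('include_path', "$convert_path$it_path:$include_path");`. it_initialize continues outside the hunk.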
@@ -113,7 +124,7 @@ function it_convert($source)
 	}
 	else if (is_readable($source))
 	{
-		$converted = IT_CONVERT_DIR . "/$source";
+		$converted = $GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter/$source";
 
 		if (@filemtime($converted) < filemtime($source))
 		{
@@ -121,13 +132,12 @@ function it_convert($source)
 			$parts = explode("/", dirname($converted));
 
 			for ($i = 1; $i <= count($parts); $i++)
-				@mkdir(join("/", array_slice($parts, 0, $i)));
+				@mkdir(join("/", array_slice($parts, 0, $i)), 0700);
 
 			if ($output = fopen($converted, "w"))
 			{
 				fputs($output, $converter->output);
 				fclose($output);
-				chmod($converted, 0666);
 			}
 
 			clearstatcache();
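Review bot: The converted file is still written in place with `fopen($converted, "w")`, which truncates it before `fputs` runs, so a concurrent request whose `@filemtime($converted) < filemtime($source)` check has already passed can include a partially written file; the new 0700 mode closes the cross-user read, not this race. Writing to a sibling temp file in the same (now private) directory and `rename()`-ing it over `$converted` makes the replacement atomic, and `mkdir(dirname($converted), 0700, true)` replaces the per-component loop that currently also attempts `@mkdir` on every existing ancestor. Note that directories created by the previous version of this code keep whatever mode they were given then, so existing deployments need the converter tree recreated for the 0700 protection to apply. it_convert continues past the end of the hunk.
```php
			@mkdir(dirname($converted), 0700, true);

			# Write to a temp file beside the target and rename: readers see the old or the new file, never a truncated one
			$tmpname = $converted . "." . uniqid("", true) . ".tmp";

			if ($output = fopen($tmpname, "w"))
			{
				fputs($output, $converter->output);
				fclose($output);
				rename($tmpname, $converted);
			}

			// … unchanged: clearstatcache() and the rest of it_convert …
```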
-- 
cgit v1.2.3