author | Christian Schneider | 2007-11-12 15:36:53 +0000 |
---|---|---|
committer | Christian Schneider | 2007-11-12 15:36:53 +0000 |
commit | 1f760f7da5c5160fc2087ba2e40c2fef9abb38ef (patch) | |
tree | acdac173d5000f6e760bb39fd7c6b4ddb64af16e /it_auto_prepend.php | |
parent | 0405634b4f18c0fe195a777b8b8706a2c865026f (diff) | |
Safer handling of syntax conversion
Diffstat (limited to 'it_auto_prepend.php')
-rw-r--r-- | it_auto_prepend.php | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/it_auto_prepend.php b/it_auto_prepend.php index b2a3cec..4d7dcb9 100644 --- a/it_auto_prepend.php +++ b/it_auto_prepend.php @@ -19,7 +19,7 @@ ** along with this program. If not, see <http://www.gnu.org/licenses/>. */ -define('IT_CONVERT_DIR', "/tmp/it_syntaxconverter"); +unset($GLOBALS['IT_SYNTAXCONVERTER_DIR']); # Security measure for register_globals on #$debug_itclassloader = true; it_initialize(); @@ -30,6 +30,8 @@ function it_initialize() if (!$it_initrecursion++) { + $it_path = dirname(__FILE__); + if ($_SERVER['REMOTE_ADDR']) # Web? { $GLOBALS['ULTRAHOME'] = dirname($_SERVER['DOCUMENT_ROOT']); @@ -39,10 +41,19 @@ function it_initialize() else # Shell $GLOBALS['ULTRAHOME'] = dirname(dirname(preg_match('|^/|', $argv[0]) ? $argv[0] : getcwd() . '/' . $argv[0])); - $needsconvert = !@eval("return is_array(42=>69,);"); # Check if PHP is patched to support our syntax, see http://cschneid.com/php/ + $GLOBALS['IT_HOME'] = $GLOBALS['ULTRAHOME']; # IT_HOME is recommended variable name for applications + + if (!$GLOBALS['IT_SYNTAXCONVERTER_DIR']) + { + $GLOBALS['IT_SYNTAXCONVERTER_DIR'] = $GLOBALS['IT_HOME'] . "/tmp"; + + if (!is_writeable($GLOBALS['IT_SYNTAXCONVERTER_DIR']) || getmyuid() != fileowner($GLOBALS['IT_SYNTAXCONVERTER_DIR'])) + die("Running in shared environment, set \$GLOBALS['IT_SYNTAXCONVERTER_DIR'] manually in\n$it_path/auto_prepend_local.php to either\n FALSE (syntax conversion disabled) or\n a path to a writeable directory (NOTE: /tmp IS UNSAFE!)\n"); + } + + $needsconvert = ($GLOBALS['IT_SYNTAXCONVERTER_DIR'] !== false) && !@eval("return is_array(42=>69,);"); # Check if PHP is patched to support our syntax, see http://cschneid.com/php/ $include_path = ini_get('include_path'); - $it_path = dirname(__FILE__); if ($autoloader = function_exists('spl_autoload_register') && spl_autoload_register('it_classloader')) { 
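Review bot: The ownership test in the new `IT_SYNTAXCONVERTER_DIR` block (third hunk, `@@ -39,10 +41,19 @@`) compares `fileowner()` with `getmyuid()`, which returns the owner of the running script file, not the uid the PHP process executes as. On a shared web server the check can therefore pass for a directory that is only writeable because it is open to the common server account, which is exactly the situation the die() message warns about. Comparing against the process uid, e.g. `posix_geteuid() != fileowner($GLOBALS['IT_SYNTAXCONVERTER_DIR'])` where the posix extension is available, and rejecting group- or world-writable modes would match the stated intent. Separately, `if (!$GLOBALS['IT_SYNTAXCONVERTER_DIR'])` is also true for the documented `FALSE` setting, so an explicit disable is overwritten with the default and the later `!== false` test cannot trigger; `if (!isset($GLOBALS['IT_SYNTAXCONVERTER_DIR']))` keeps the two cases apart. it_initialize() starts and ends outside this hunk, so where auto_prepend_local.php is loaded relative to this block is not visible here.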
@@ -59,7 +70,7 @@ function it_initialize() } @set_error_handler("it_errorhandler", E_USER_ERROR | E_RECOVERABLE_ERROR | E_WARNING | E_USER_WARNING | E_NOTICE | E_USER_NOTICE); - ini_set('include_path', IT_CONVERT_DIR . ":$it_path:$include_path"); + ini_set('include_path', $GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter:$it_path:$include_path"); $user_includes = explode(":", $include_path); # XXX Note: Comment this out if you want system wide include path converted and auto_prepend.php considered @@ -113,7 +124,7 @@ function it_convert($source) } else if (is_readable($source)) { - $converted = IT_CONVERT_DIR . "/$source"; + $converted = $GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter/$source"; if (@filemtime($converted) < filemtime($source)) { @@ -121,13 +132,12 @@ function it_convert($source) $parts = explode("/", dirname($converted)); for ($i = 1; $i <= count($parts); $i++) - @mkdir(join("/", array_slice($parts, 0, $i))); + @mkdir(join("/", array_slice($parts, 0, $i)), 0700); if ($output = fopen($converted, "w")) { fputs($output, $converter->output); fclose($output); - chmod($converted, 0666); } clearstatcache(); |
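Review bot: When conversion is disabled (`IT_SYNTAXCONVERTER_DIR` set to `false`), the new `ini_set('include_path', ...)` line in the `@@ -59,7 +70,7 @@` hunk still prepends the cache entry. `false . "/it_syntaxconverter"` evaluates to `/it_syntaxconverter`, so an absolute directory at the filesystem root becomes the first include_path entry. Unless a condition outside this hunk already excludes that case, prepend the entry only when a directory is configured, e.g. `$cache = $GLOBALS['IT_SYNTAXCONVERTER_DIR'] !== false ? $GLOBALS['IT_SYNTAXCONVERTER_DIR'] . "/it_syntaxconverter:" : "";` followed by `ini_set('include_path', "$cache$it_path:$include_path");`. The enclosing it_initialize() body continues beyond the hunk.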
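Review bot: The `0700` added to `@mkdir()` in the last hunk (`@@ -121,13 +132,12 @@`) only applies to directories this call actually creates. Because `@` hides the failure, a path component that already exists with a different owner or a looser mode is used unchanged, and `fopen($converted, "w")` then writes the file that is later included from it. After the loop, verify the target directory before writing, e.g. `if (fileowner(dirname($converted)) != posix_geteuid())`, and take the function's failure path, which is not visible in this hunk. Dropping `chmod($converted, 0666)` is the right direction; a comment such as `# file mode now follows the process umask` would record that the resulting mode is environment-dependent. it_convert() begins and ends outside the hunk.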