Properly working mms reception with public dir in data and valid rights, etc.

2025-04-20 16:37:48 +02:00 · 2021-03-27 01:15:09 +01:00 · 2021-03-27 01:15:09 +01:00 · 6acf28e3ce
commit 6acf28e3ce
parent 04a40049ce
5 changed files with 37 additions and 12 deletions
--- a/controllers/internals/Media.php
+++ b/controllers/internals/Media.php
@ -29,7 +29,12 @@ class Media extends StandardController
    public function create(int $id_user, string $tmpfile_path, ?string $extension = null)
    {
        $user_path = \controllers\internals\Tool::create_user_public_path($id_user);
-        if (!file_exists($tmpfile_path) || !is_readable($tmpfile_path))
+        if (!file_exists($tmpfile_path))
+        {
+            throw new \Exception('File ' . $tmpfile_path . ' does not exists.');
+        }
+        
+        if (!is_readable($tmpfile_path))
        {
            throw new \Exception('File ' . $tmpfile_path . ' is not readable.');
        }
@ -41,6 +46,11 @@ class Media extends StandardController
        $new_file_path = $user_path . '/' . $new_file_name;
        $new_file_relpath = $id_user . '/' . $new_file_name;

+        if (!file_put_contents($new_file_path, 'a'))
+        {
+            throw new \Exception('pute de merde');
+        }
+
        if (!rename($tmpfile_path, $new_file_path))
        {
            throw new \Exception('Cannot create file ' . $new_file_path);
@ -90,10 +100,18 @@ class Media extends StandardController
            throw new \Exception($upload_result['content']);
        }

-        return $this->create($id_user, $upload_result['tmp_name'], $upload_result['extension']);
+        //Move uploaded file to a tmp file
+        if (!$tmp_file = tempnam('/tmp', 'raspisms-media-'))
+        {
+            throw new \Exception('Cannot create tmp file in /tmp to store the uploaded file.');
+        }

-        $new_filepath = 'medias/' . $id_user . '/' . $upload_result['content'];
-        return $this->create($id_user, $new_filepath);
+        if (!move_uploaded_file($upload_result['tmp_name'], $tmp_file))
+        {
+            throw new \Exception('Cannot move uploaded file to : ' . $tmp_file);
+        }
+        
+        return $this->create($id_user, $tmp_file, $upload_result['extension']);
    }

    /**
--- a/controllers/internals/Tool.php
+++ b/controllers/internals/Tool.php
@ -306,19 +306,26 @@ namespace controllers\internals;
                return $new_dir;
            }

-            if (!mkdir($new_dir, fileperms(PWD_DATA_PUBLIC)))
+            clearstatcache();
+            if (!mkdir($new_dir))
            {
                throw new \Exception('Cannot create dir ' . $new_dir);
            }

-            if (!chown($new_dir, fileowner(PWD_DATA_PUBLIC)))
+            //We do chmod in two times because else umask fuck mkdir permissions
+            if (!chmod($new_dir, fileperms(PWD_DATA_PUBLIC) & 0777)) //Fileperms return garbage in addition to perms. Perms are only in weak bytes. We must use an octet notation with 0
            {
-                throw new \Exception('Cannot give dir ' . $new_dir . ' to user : ' . fileowner(PWD_DATA));
+                throw new \Exception('Cannot give dir ' . $new_dir . ' rights : ' . decoct(fileperms(PWD_DATA_PUBLIC) & 0777)); //Show error in dec
+            }
+
+            if (posix_getuid() === 0 && !chown($new_dir, fileowner(PWD_DATA_PUBLIC))) //If we are root, try to give the file to a proper user
+            {
+                throw new \Exception('Cannot give dir ' . $new_dir . ' to user : ' . fileowner(PWD_DATA_PUBLIC));
            }

            if (!chgrp($new_dir, filegroup(PWD_DATA_PUBLIC)))
            {
-                throw new \Exception('Cannot give dir ' . $new_dir . ' to group : ' . filegroup(PWD_DATA));
+                throw new \Exception('Cannot give dir ' . $new_dir . ' to group : ' . filegroup(PWD_DATA_PUBLIC));
            }

            return $new_dir;